
Reverse Tabnabbing issue with API Developer Portal


Article ID: 189928


Products

CA API Developer Portal

Issue/Introduction

According to some ethical hackers, API Portal is not fully protected against reverse tabnabbing.

In the example, the link 'play video' points to an external URL using target="_blank" but does not provide rel="noopener".

Environment

Release : 4.x

Component : API PORTAL

Resolution

We have examined the issue and concluded that all the URLs pointing to an external domain point to either our ca.com or our broadcom.com domain, both of which are owned by Broadcom.
This is by design: these are references to our support pages, community pages, documentation, and some of our static resources such as videos.

We do not see this as a security issue and hence would not be able to publish any CVE for it.
We will add this as a bug in our backlog for portal to address this concern.
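
To verify the claim above on a given page, the following added example (not Broadcom's code and not part of the original article) lists every link that uses target="_blank" without rel="noopener" or rel="noreferrer" and labels its destination as same-host, vendor-owned (ca.com or broadcom.com) or third-party. The function names, the host portal.example.com and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

VENDOR_DOMAINS = ("ca.com", "broadcom.com")  # domains the article names as vendor-owned
SAFE_REL = {"noopener", "noreferrer"}         # noreferrer also implies noopener


class BlankTargetAudit(HTMLParser):
    """Collect links that open a new tab without severing window.opener."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (href, scope) tuples in document order

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("target", "").strip().lower() != "_blank":
            return
        if SAFE_REL & set(attr.get("rel", "").lower().split()):
            return
        href = attr.get("href", "")
        # Relative links have no hostname and resolve to the page's own host.
        host = urlsplit(href).hostname or self.page_host
        if host == self.page_host:
            scope = "same-host"
        elif any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS):
            scope = "vendor"
        else:
            scope = "third-party"
        self.findings.append((href, scope))


def audit(html, page_host):
    """Return (href, scope) for each unprotected target=_blank link in html."""
    parser = BlankTargetAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from the portal.
SAMPLE = """
<a href="https://www.broadcom.com/videos/intro" target="_blank">play video</a>
<a href="https://docs.example.org/guide" target="_blank" rel="noopener noreferrer">guide</a>
<a href="https://cdn.example.net/player" target=_blank rel="nofollow">player</a>
<a href="/admin/apis" target="_blank">APIs</a>
<a href="https://support.ca.com/kb">kb</a>
"""
```

Any finding labelled third-party contradicts the assumption that only vendor-owned pages receive an opener reference; adding rel="noopener" to the link clears the finding regardless of destination.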