Reverse tabnabbing
Description
The system allows the introduction of a link to an external site controlled by a malicious actor. This site can then redirect the user to a different site in the original tab, making it look like a legitimate redirect performed by the system.
Impact
Redirect to the user to an external site controlled by a malicious actor in the tab where original site was, leading to a phishing attack.
Recommendation
Set the attribute rel with the noopener and noreferrer value in each external link.
Threat
Anonymous attacker from local network.
Expected Remediation Time
⌚ 15 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: A
- Attack complexity: L
- Privileges required: N
- User interaction: R
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: X
- Remediation level: O
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:X
- Score:
- Base: 3.5
- Temporal: 3.4
- Severity:
- Base: Low
- Temporal: Low
Score 4.0
Default score using CVSS 4.0 . It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): N
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): L
- Availability (SA): N
Threat 4.0
- Exploit maturity: X
Result 4.0
- Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X
- Score:
- CVSS-BT: 4.8
- Severity:
- CVSS-BT: Medium
Compliant code
The rel:noopener attribute is set in all external links of the application
<a href="uncontrolledUrl" rel="noopener noreferrer">Link to external web</a>
Non compliant code
Some external links are not securely set on the application
<a href="uncontrolledUrl">Link to external web</a>
Requirements
Fixes
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.