
TCP timestamp response


'Clickjacking, also known as a UI redress attack, is a method in which an attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on a page other than the one they believe they are clicking. Thus, the attacker is “hijacking” clicks meant for one page and routing the user to an illegitimate page.'

ClearCenter response

ClearCenter is currently investigating this claim.

Short response

ClearCenter is currently reviewing anti-clickjacking mechanisms that could be employed in Webconfig to address this issue.

Long response

ClearCenter is currently reviewing anti-clickjacking mechanisms that could be employed in Webconfig to address this issue.

A bug tracker entry has been opened to address this issue:

https://tracker.clearos.com/view.php?id=21671

Resolution

Until a fix has been made, ensure that your Webconfig is accessible only from trusted networks and/or that you enable 2FA For Webconfig (two-factor authentication).

content/en_us/kb_3rdparty_rapid_7_click_jacking.txt · Last modified: 2018/10/03 15:10 by dloper
