Browser back and refresh button attack vulnerability for Author instance. | Community
Skip to main content
Level 2
September 2, 2022
Solved

Browser back and refresh button attack vulnerability for Author instance.

  • September 2, 2022
  • 3 replies
  • 2113 views
Browser back and refresh button attack vulnerability for Author instance. I have Set Cache-control headers, but issue is partial solved for siteadmin but for welcome screen its exists

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by joerghoh

Please raise a ticket with Adobe support and  include a detailled description how to reproduce.

Posting potential security issues here in the forums is not the best way to get them fixed.

 

Thanks for your help,

Jörg

3 replies

joerghoh
Adobe Employee
joerghohAdobe EmployeeAccepted solution
Adobe Employee
September 4, 2022

Please raise a ticket with Adobe support and  include a detailled description how to reproduce.

Posting potential security issues here in the forums is not the best way to get them fixed.

 

Thanks for your help,

Jörg

arunpatidar
Community Advisor
Community Advisor
September 5, 2022

Please raise it with Adobe.

 

Just a side note:

As AEM Author access is primarily restricted within intranets, it is not exposed to end users, so this won't have a major impact. 

Arun Patidar
Level 2
September 9, 2022

thanks for the reply. I have raised some but they have mentioned as this is not considered a vulnerability within our threat model. So, I'm looking for suggestions.

joerghoh
Adobe Employee
Adobe Employee
September 9, 2022

so if I understand you right, the Adobe security mentioned that this is not covered by their thread-model, but your own security team (or of the customer you are working with) says it is part of their threat-model?

 

I don't think that you can solve this difference in understanding. Rather let the security teams talk to each other and resolve it themselves. 

Level 2
September 13, 2022

thanks