SOLVED

Browser back and refresh button attack vulnerability for Author instance.

Level 2
Browser back and refresh button attack vulnerability for Author instance. I have set Cache-Control headers, but the issue is only partially solved: it is fixed for siteadmin, but for the welcome screen it still exists.

5 Replies

Correct answer by
Employee Advisor

Please raise a ticket with Adobe support and include a detailed description of how to reproduce it.

Posting potential security issues here in the forums is not the best way to get them fixed.

 

Thanks for your help,

Jörg

Community Advisor

Please raise it with Adobe.

 

Just a side note:

As AEM Author access is primarily restricted within intranets, it is not exposed to end users, so this won't have a major impact. 



Arun Patidar

Level 2

Thanks for the reply. I have raised some, but they have mentioned that this is not considered a vulnerability within our threat model. So, I'm looking for suggestions.

Employee Advisor

So if I understand you right, Adobe security mentioned that this is not covered by their threat model, but your own security team (or that of the customer you are working with) says it is part of their threat model?

 

I don't think that you can solve this difference in understanding. Rather let the security teams talk to each other and resolve it themselves.