SOLVED

Browser back and refresh button attack vulnerability for Author instance.

Level 2
Browser back and refresh button attack vulnerability for Author instance. I have set Cache-Control headers; the issue is partially solved for siteadmin, but for the welcome screen it exists.

1 Accepted Solution

Correct answer by
Employee Advisor

Please raise a ticket with Adobe support and include a detailed description of how to reproduce it.

Posting potential security issues here in the forums is not the best way to get them fixed.

Thanks for your help,

Jörg

5 Replies

Community Advisor

Please raise it with Adobe.

Just a side note:

As AEM Author access is primarily restricted within intranets, it is not exposed to end users, so this won't have a major impact. 

Level 2

Thanks for the reply. I have raised some, but they have mentioned that this is not considered a vulnerability within our threat model. So, I'm looking for suggestions.

Employee Advisor

So if I understand you right, Adobe security mentioned that this is not covered by their threat model, but your own security team (or that of the customer you are working with) says it is part of their threat model?

I don't think that you can solve this difference in understanding. Rather let the security teams talk to each other and resolve it themselves.