Reverse tabnabbing

Reverse tabnabbing

Description

The system allows the introduction of a link to an external site controlled by a malicious actor. This site can then redirect the user to a different site in the original tab, making it look like a legitimate redirect performed by the system.

Impact

Redirect to the user to an external site controlled by a malicious actor in the tab where original site was, leading to a phishing attack.

Recommendation

Set the attribute rel with the noopener and noreferrer value in each external link.

Threat

Anonymous attacker from local network.

Expected Remediation Time

⌚ 15 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the src.

Base

  • Attack vector: A
  • Attack complexity: L
  • Privileges required: N
  • User interaction: R
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: O
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:X
  • Score:
    • Base: 3.5
    • Temporal: 3.4
  • Severity:
    • Base: Low
    • Temporal: Low

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: A
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: A
  • Confidentiality (VC): N
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): L
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Result 4.0

  • Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X
  • Score:
    • CVSS-BT: 4.8
  • Severity:
    • CVSS-BT: Medium

Compliant code

The rel:noopener attribute is set in all external links of the application

<a href="uncontrolledUrl" rel="noopener noreferrer">Link to external web</a>

Non compliant code

Some external links are not securely set on the application

<a href="uncontrolledUrl">Link to external web</a>            

Requirements

Fixes

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.