SAP Knowledge Base Article - Preview

2910827 - Sensitive data transmitted via hidden form fields Enterprise Portal vulnerability report

Symptom

You have performed a security scan of your Enterprise Portal system, and the scan reports a security vulnerability similar to the following:

Sensitive information should not be transmitted using hidden form fields. This is because an attacker/hacker can view the web page source code and retrieve the stored values from the hidden form field.

The security report may also recommend using session cookies.



Environment

  • SAP NetWeaver Application Server for Java release independent
  • Enterprise Portal

Product

SAP NetWeaver all versions

Keywords

security, scanner, ep, vulnerability, post, get, method, methods, http, https, hidden, forms, field, fields, htm, html, KBA, EP-PIN-SEC-SZ, Security Zones, EP-PIN-AI, Application Integration, EP-PIN-NAV, Navigation, EP-PIN-PRT, Portal Runtime, EP-PIN-PCM, Portal Content Model, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on the SAP ONE Support Launchpad (login required).
