Symptom
You have performed a security scan of your Enterprise Portal system and a security vulnerability is reported similar to the below:
Sensitive information should not be transmitted using hidden form fields. This is because an attacker/hacker can view the web page source code and retrieve the stored values from the hidden form field.
A recommendation of using session cookies may be provided by the security report.
Read more...
Environment
- SAP NetWeaver Application Server for Java release independent
- Enterprise Portal
Product
Keywords
security, scanner, ep, vulnerability, post, get, method, methods, http, https, hidden, forms, field, fields, htm, html , KBA , EP-PIN-SEC-SZ , Security Zones , EP-PIN-AI , Application Integration , EP-PIN-NAV , Navigation , EP-PIN-PRT , Portal Runtime , EP-PIN-PCM , Portal Content Model , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.