Skip to Content
Jan 19, 2016 at 10:43 PM

Portal 7.31 Logon Page Clickjacking Vulnerability Question


Portal 7.31 Logon Page Clickjacking Vulnerability Question Our Internal Security has flagged our Portal Logon Page as having the Possibility of Clickjacking Vulnerability. Security have stated the following: The web server does not set an X-Frame-Options response header in all content responses. This could potentially expose the site to a clickjacking or UI Redress attack wherein an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions. Note that while the X-Frame-Options response header is not the only mitigation for clickjacking, it is currently the most reliable method to detect through automation. I thought SAP handled Clickjacking thru the coding of JSP’s but I cannot find any documentation to show our Security people I would like to know if and how SAP handles clickjacking in the Portal Logon Page? I would like to know if it is possible and how I would change the Portal Logon Page to include X-Frame-Options Any help on this matter would be greatly appreciated Thank you Sarah