HawkScan Test Info for Reverse Tabnabbing

Reverse Tabnabbing

Reference

Plugin Id: 10108 | CWE: 1022

Remediation

To remediate the vulnerability of Reverse Tabnabbing, the target attribute of the link should include both the “noopener” and “noreferrer” keywords in the “rel” attribute. This prevents the target page from being able to take control of the current page.

About

Reverse Tabnabbing is a vulnerability that occurs when a link on a webpage uses the target attribute without including the “noopener” and “noreferrer” keywords in the “rel” attribute. This vulnerability allows the target page to take control of the current page, potentially leading to phishing attacks or other malicious activities.

Risks

The risks associated with the Reverse Tabnabbing vulnerability include:

  1. Phishing attacks: By taking control of the current page, the target page can display a fake login form or other deceptive content to trick users into entering sensitive information.

  2. Malware installation: The target page can exploit the vulnerability to automatically download and install malware on the user’s device without their knowledge or consent.

  3. Session hijacking: If the user is logged into a website on the current page, the target page can hijack the user’s session and gain unauthorized access to their account.

To mitigate these risks, it is crucial to ensure that all links on a webpage that use the target attribute include both the “noopener” and “noreferrer” keywords in the “rel” attribute. This prevents the target page from being able to manipulate or control the current page, protecting users from potential malicious activities.