[LPE-1453] IFrame portlet vulnerable to password theft - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Completed
Affects Version/s: 5.1 EE SP4 (5.1.7), 5.2 EE SP1 (5.2.5)
Fix Version/s: 5.1 EE SP5 (5.1.8), 5.2 EE SP2 (5.2.6)
Component/s: Application Security, WCM > IFrame portlet
Labels:
- 5.2_release_notes
Environment:
All

Description

The IFrame portlet is vulnerable to password theft if untrusted users are allowed to add an IFrame portlet to a page. The untrusted user can configured the portlet to use the token @[email protected] (which contains a user's portal password) to send a user's password to a page that is setup to record the passwords.

To address this issue, a new property has been added to portal(-ext).properties

Specify a role name that a user must be associated with in order to
configure the IFrame portlet to use the @[email protected] token. This token is
used to post the password of users who access this portlet in order to
automatically login to the framed site.
#
No role is required by default. However, it is recommended that you
specify a role in high security environments where users who configure
this portlet may attempt password theft.
#
iframe.password.token.role

Attachments

Issue Links

is related to

LPS-5272 Iframe vulnerable to password theft attack if an untrusted user configures it

Closed

Activity

People

Assignee:: Michael Saechang

Reporter:: Brian Chan

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 06/Oct/09 4:40 AM

Updated:: 20/Dec/22 12:45 PM

Resolved:: 27/Oct/09 3:40 PM

Packages

Version	Package
5.1 EE SP5 (5.1.8)
5.2 EE SP2 (5.2.6)