Reverse Tabnabbing findings are scanned as part of the Security Misconfiguration Vulnerabilities Security Tests used to evaluate the Web Application Security Risk Vector.
This security test helps you identify potential phishing risks. When a user navigates to a link with a target value of _blank, the link opens in a new tab, and the opener object is passed to the new browsing context. This enables the new browsing context to potentially redirect the (now backgrounded) previous tab in a manner that is not obvious to the user, which can facilitate phishing attacks.
The presence of a rel attribute with the value of noopener or noreferrer prevents the opener object from being passed to the new browsing context.
Need to fix?
- Ensure that any link using target="_blank" also includes rel="noopener" or rel="noreferrer".
- Avoid using rel="opener" with target="_blank".
- Review your codebase for all external links and update them accordingly.
This prevents the new tab from having access to the original page, reducing phishing risks.
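To support the codebase review above, here is an added example (not code from the original article or the scanning vendor) that flags anchors opening a new tab without severing the opener relationship; the regex-based tag parsing and the sample HTML are assumptions made so it runs in Node without a DOM.

```javascript
// Added example: flag <a> tags that are exposed to reverse tabnabbing, i.e.
// target="_blank" with rel="opener" or with no noopener/noreferrer token.
// A regex over raw HTML keeps this runnable without a DOM; a real audit
// would use an HTML parser or run document.querySelectorAll('a') in the browser.

const ANCHOR_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attribute text of one tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? '').trim();
  }
  return attrs;
}

// True when the link opens a new tab and still hands over the opener handle.
function isUnsafeBlankLink(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  if (rel.includes('opener')) return true;            // explicitly re-enables opener
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Scan an HTML string and return the href of every unsafe link, in order.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    if (isUnsafeBlankLink(attrs)) unsafe.push(attrs.href || '(no href)');
  }
  return unsafe;
}

// Constructed sample page covering the cases described in the article.
const SAMPLE_HTML = `
<a href="https://example.com/a" target="_blank">unsafe: no rel</a>
<a href="https://example.com/b" target="_blank" rel="noopener">safe</a>
<a href="https://example.com/c" target="_blank" rel="noreferrer">safe</a>
<a href="https://example.com/d" target="_blank" rel="opener">unsafe: rel=opener</a>
<a href="https://example.com/e" TARGET='_blank' rel="nofollow noopener">safe</a>
<a href="https://example.com/f">same tab, not affected</a>
`;

console.log(findUnsafeBlankLinks(SAMPLE_HTML));
// [ 'https://example.com/a', 'https://example.com/d' ]
```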
Unsafe (vulnerable) example:
<a href="https://example.com" target="_blank">Visit Example</a>
Safe example:
<a href="https://example.com" target="_blank" rel="noopener">Visit Example</a>
You can also use:
<a href="https://example.com" target="_blank" rel="noreferrer">Visit Example</a>
Does this impact my WAS Risk Vector Grade? No.
Possible Grades: Reverse Tabnabbing findings are informational and hold a Neutral weight (Not Applicable).
What will I see in the Portal?
Details: With this configuration, the link is opened in a new tab and a redirect of the (now backgrounded) previous tab may be done in a manner that is not obvious to the user. This can facilitate phishing attacks.