AnsweredAssumed Answered

Prevent Custom data insertion on login.fcc

Question asked by VjSingh on Jun 24, 2014
Latest reply on Oct 14, 2014 by VjSingh

HI, We are looking at a security vulnerability in terms of custom data insertion in login.fcc. for ex. smauthreason=null&target=TARGET&postpreservationdata=&USER=***&PASSWORD=YYYY&USER=ZZZZ I have come across some suggestions to encode the contents of login.fcc but what I see is that it does not encode the USER & PASSWORD fields. Are there any suggestions for preventing this custom data insertion in the login.fcc. Thanks, Vijay

Outcomes