gunagyaArmorcode / test8

attNXDOMAIN #21

Open armorcodegithubapp[bot] opened 2 years ago

armorcodegithubapp[bot] commented 2 years ago

Threat Class: URL Redirector Abuse

Reason: AppScan found a link to an external site, and was not able to resolve it

Technical Description: The web site contains a link to a non-existent domain. An attacker can exploit this scenario to launch a phishing attack by registering the non-existent domain. A naive user may browse to that link, thinking that he is within the original site, while in fact he is browsing the attacker site. This situation may lead to sensitive information leakage, because the user trusts the malicious site.

Risk: It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.

Mitigation: It is advised to remove all links to non-existent domains. In addition, periodically check the validity of links to external sites.

https://app.armorcode.com/#/findings/61868678