My Cloud Home and ibi Websites Version 2.2.0, Clickjacking Vulnerability


WDC Tracking Number: WDC-19012
Product Line/Web: My Cloud Home and ibi Portal Websites
Published: October 24, 2019

Last Updated: October 24, 2019

Description

The My Cloud Home and ibi Portal websites have been updated to improve their security. Earlier versions were vulnerable to clickjacking, in which an attacker could trick a user into clicking on an unexpected webpage element on the My Cloud Home and ibi portal websites. This could potentially route the user to an attacker-chosen destination used for malicious purposes. This attack can be used to reveal confidential information or could lead to the attacker gaining complete control over a user’s system.

Product Impact | Last Updated
My Cloud Home Portal Websites (see links below) | October 24, 2019
ibi Portal Websites (see links below) | October 24, 2019

Advisory Summary

My Cloud Home and ibi portal websites have now addressed this clickjacking vulnerability by adding the X-Frame-Options HTTP response header to the pages that require protection from clickjacking. This frame-busting method restricts a web page from being loaded in a sub-frame.
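The following is an added example, not code from Western Digital or from this advisory: a Python check that classifies the anti-framing protection in a set of response headers, so the fix described above can be verified per page. It goes beyond the advisory by also reading the CSP frame-ancestors directive; the function names, verdict labels and sample headers are constructed for illustration.

```python
# Added example: classify a response's anti-framing headers.
# Verdict labels and function names are this example's own.

def frame_ancestors(csp_values):
    """Return the source list of every frame-ancestors directive found."""
    found = []
    for policy in csp_values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append([p.lower() for p in parts[1:]])
    return found

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    xfo, csp = set(), []
    for name, value in headers:
        if name.lower() == "x-frame-options":
            # A comma-joined value is several header values folded together.
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif name.lower() == "content-security-policy":
            csp.append(value)
    lists = frame_ancestors(csp)
    if lists:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options.
        # Only the bare wildcard is flagged; an empty list behaves like 'none'.
        if all("*" in sources for sources in lists):
            return "weak", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors restricts embedding"
    if not xfo:
        return "missing", "no anti-framing header"
    if len(xfo) > 1:
        return "weak", "conflicting X-Frame-Options values"
    value = next(iter(xfo))
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    # ALLOW-FROM is obsolete and other values are not recognised.
    return "weak", "unsupported X-Frame-Options value"

# Constructed sample responses (not captured from the portal websites).
SAMPLES = {
    "no_header": [("Content-Type", "text/html")],
    "xfo_sameorigin": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "xfo_obsolete": [("X-Frame-Options", "ALLOW-FROM https://example.com")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```

Feed it the header pairs from each page that renders sensitive controls; any page returning "missing" or "weak" can still be embedded in a third-party frame.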

Addressed multiple Clickjacking vulnerabilities for the following websites:

 

CVE Number: CVE-2020-10951

Reported by: Tayyab Sial