SAP Knowledge Base Article - Public

3056578 - Session Hijacking - Recruiting Management

Symptom

A security inspection was carried out on the career site and found a vulnerability that could allow an attack called SESSION HIJACKING.

Environment

  • SAP SuccessFactors Recruiting Management (RCM)
  • SAP SuccessFactors Recruiting Marketing (RMK)

Resolution

Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example your Candidate Profile, and ends when you log out. The attack relies on the attacker’s knowledge of your session cookie, so it is also called cookie hijacking or cookie side-jacking.

SuccessFactors has mechanisms in place to keep the session cookie safe. This means that if the attacker is unable to obtain the victim's cookie, the attacker has no way to reuse the cookie or the information contained in it.
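The protection described above rests on the session cookie never being exposed to an attacker in the first place. The attributes a server sets on the cookie (Secure, HttpOnly, SameSite) are the standard browser-side controls that prevent it leaking over plaintext HTTP, to page scripts, or on cross-site requests. The script below is an added example written for this article, not SAP code and not a statement of how SuccessFactors configures its cookies; it audits a list of constructed Set-Cookie headers (the cookie names and values are made up) and reports which of those controls are missing, so a reviewer can check a site's responses for the weaknesses that make cookie side-jacking possible.

```python
# Audit Set-Cookie headers for the attributes that keep a session cookie from
# being exposed. Added example; sample headers below are constructed, not
# captured from SuccessFactors.

# Constructed sample responses: one hardened cookie, one weak session cookie,
# one non-session cookie that is allowed cross-site but still marked Secure.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "candidate_session=xyz789; Path=/; HttpOnly",
    "tracking=1; Path=/; Secure; SameSite=None",
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; attributes without a value (Secure,
    HttpOnly) map to True so presence can be tested uniformly.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser will send the cookie over plain HTTP,
        # where it can be read on the network (side-jacking).
        findings.append("missing Secure")
    if "httponly" not in attrs:
        # Without HttpOnly any script running in the page can read the cookie.
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        # No SameSite value: the cookie rides along on cross-site requests.
        findings.append("missing SameSite")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless Secure is also set.
        findings.append("SameSite=None without Secure")
    return name, findings


def audit_all(headers):
    """Map each cookie name to its findings; an empty list means no issues."""
    return dict(audit_cookie(h) for h in headers)


if __name__ == "__main__":
    for cookie, findings in audit_all(SAMPLE_HEADERS).items():
        status = "ok" if not findings else ", ".join(findings)
        print(f"{cookie}: {status}")
```

Run it against the response headers of the login and Candidate Profile pages; any session cookie that reports a finding is one an attacker could obtain without first breaking the server, which is exactly the precondition the article says the platform's cookie protection is meant to deny.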

Keywords

Session, Hijacking, Cookie, Candidate, Profile, RCM, Recruiting, RMK, KBA, LOD-SF-RCM-POR, Career and Agency Portals, LOD-SF-RCM, Recruiting Management, LOD-SF-RMK, Recruiting Marketing, Problem

Product

SAP SuccessFactors Recruiting all versions