Hi,
It has been suggested that our current configuration of ACS 5.3.40 could be prone to clickjacking attacks.
Regarding the GUI, the ACS needs to be configured to respond to the X-Frame-Options HTTP header to instruct the browser not to load the application within frames (although the ACS 5.3 GUI doesn't appear to use frames). Another suggestion was to include defensive breaking scripts in the application to ensure the application won't be loaded up within a frame.
How can I implement the above? I haven't spotted any of these options in the GUI or CLI PDF. Would I have to raise a software enhancement with Cisco for this or is there a patch available for this?
Thanks very much,
Stuart.
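
An added example, not part of the original post and not Cisco code: a check for whether a response's headers stop a browser from framing the page, which can be run against headers captured from the GUI to confirm the finding. It goes slightly beyond the post by also reading the CSP `frame-ancestors` directive, the standardised successor to `X-Frame-Options`; the function names and sample headers are assumptions made for illustration.

```javascript
// Added example, not vendor code: judge whether one HTTP response may be framed.
// `headers` uses lower-case names, the shape Node's http module produces.
function framingProtection(headers) {
  const findings = [];
  let isProtected = false;

  // X-Frame-Options: DENY and SAMEORIGIN are the values browsers honour.
  const xfo = headers['x-frame-options'];
  if (xfo === undefined) {
    findings.push('X-Frame-Options header missing');
  } else {
    const value = String(xfo).trim().toUpperCase();
    if (value === 'DENY' || value === 'SAMEORIGIN') {
      isProtected = true;
    } else if (value.startsWith('ALLOW-FROM')) {
      findings.push('ALLOW-FROM is obsolete; current browsers ignore it');
    } else {
      findings.push('X-Frame-Options value not recognised: ' + value);
    }
  }

  // CSP frame-ancestors: any source list other than a bare * restricts framing.
  // Listed origins are not evaluated further here.
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources === null) {
    findings.push('CSP frame-ancestors directive missing');
  } else if (sources.includes('*')) {
    findings.push('frame-ancestors * allows any site to frame the page');
  } else {
    isProtected = true;
  }
  return { isProtected, findings };
}

// Returns the source list of the first frame-ancestors directive, or null.
function frameAncestors(csp) {
  if (csp === undefined) return null;
  for (const directive of String(csp).split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Constructed sample headers (not captured from a real ACS appliance).
const sample = { 'x-frame-options': 'ALLOW-FROM https://portal.example' };
console.log(framingProtection(sample));
```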