Abusing the Agent Role
This type of attack assumes that an 'agent' aims to use their position to gain information or money from a visitor. The agent tries to insert information into the visitor's web content, such as their own account number, or to learn information that they do not otherwise have access to, such as passwords and security questions.
How We Prevent Abuse of the Agent Role
The collaboration server never transmits passwords.
You can configure the collaboration server to block access to certain data presented through the instrumented web application. For example, the collaboration server can be set to not show the personal settings page of an agent, to hide account numbers, to block access to account numbers and payment amounts, and to prevent agents from executing payments.
Caution: unblu does not restrict traditional methods of social engineering over the telephone. An agent may still be able to talk a customer into giving away the password or executing specific actions. However, this is possible in all consulting situations, and it is not made easier by using unblu.
Can the Agent Role be Abused in a Cloud Setup?