Improved Protection Versus Login-XSRF
By default, SAP NetWeaver Application Server (AS) Java enables automatic logon using only the user ID and password passed as URL parameters. This simplifies some scenarios, but it also exposes the system to login cross-site request forgery (login-XSRF), because any site can construct a URL that logs the victim's browser in without the user's involvement. To improve protection against login-XSRF attacks, we recommend that you disable this behavior by setting the authentication property Enable Automatic Logon with User ID and Password (ume.logon.userpwd_automatic_logon) to false. See also SAP Note 1441999.
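The following audit script is an added example, not part of the SAP documentation or SAP's own tooling. It assumes the UME authentication properties have been exported in Java .properties form (key=value, one per line), parses that export, and reports whether ume.logon.userpwd_automatic_logon is set to false. Because the page states that automatic logon is enabled by default, an absent key is treated as enabled rather than as safe; the sample inputs are constructed, and the other property key in them is a placeholder.

```python
"""Check an exported set of UME authentication properties for the
login-XSRF hardening described above (added example, not SAP code).

Assumption: the properties are exported as Java-style "key=value"
lines; '#' and '!' start comment lines.
"""

# Property name taken from the page; the value "false" is the hardened setting.
AUTO_LOGON_KEY = "ume.logon.userpwd_automatic_logon"


def parse_properties(text: str) -> dict:
    """Parse Java-style properties; blank and comment lines are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Java properties accept '=' or ':' as separator; use whichever comes first.
        positions = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not positions:
            props[line] = ""          # bare key with empty value
            continue
        sep = min(positions)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def audit_auto_logon(props: dict) -> dict:
    """Return a finding dict for the automatic-logon property.

    Per the page, AS Java enables automatic logon by default, so a
    missing key is reported with the effective value "true".
    """
    raw = props.get(AUTO_LOGON_KEY)
    effective = "true" if raw is None else raw.lower()
    if effective == "false":
        return {"key": AUTO_LOGON_KEY, "value": effective, "compliant": True,
                "note": "automatic logon via URL user ID/password is disabled"}
    note = ("property not set; AS Java default enables automatic logon"
            if raw is None else
            "set to false to reduce login-XSRF exposure (see SAP Note 1441999)")
    return {"key": AUTO_LOGON_KEY, "value": effective, "compliant": False, "note": note}


# Constructed sample exports (not real system output; the second key is a placeholder).
SAMPLE_WEAK = """\
# UME authentication properties (constructed sample)
ume.logon.userpwd_automatic_logon = TRUE
example.placeholder.property=unchanged
"""

SAMPLE_HARDENED = "ume.logon.userpwd_automatic_logon=false\n"

SAMPLE_UNSET = "# export that never mentions automatic logon\n"


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK),
                       ("hardened", SAMPLE_HARDENED),
                       ("unset", SAMPLE_UNSET)):
        print(name, audit_auto_logon(parse_properties(text)))
```

Treating the absent key as non-compliant is the important design choice: an audit that only flags an explicit `true` would pass a system that was never configured, which is exactly the default state the page warns about.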
For more information about configuring authentication properties, see Configuring Authentication Properties.