I would like some insight into the potential risks of clickjacking on a site that has a login and/or create account button (no other forms) that when selected open the hosted Classic Universal Login.
The Classic Universal Login can not be shown in an iframe (protection enabled). So, if the page with the buttons is clickjacked - what is at risk? To access anything that can cost the user, they must get thru the auth0 process first.
Can they create a page that looks like auth0 so they can get the login/pass - is that even clickjacking?
Thanks.