You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These vulnerabilities are caused by the fact that uri.hostname becomes NULL as a result of parsing(apr_uri_parse()) the redirect URL.
Looking at the code of mod_auth_openidc, when uri.hostname is NULL, the hostname is not checked.
Like mod_auth_mellon, there is an Open Redirect.
As reported on the e-mail list by AIMOTO Norihito:
I think mod_auth_openidc has the same Open Redirect as mod_auth_mellon.
These vulnerabilities are caused by the fact that uri.hostname becomes NULL as a result of parsing(apr_uri_parse()) the redirect URL.
Looking at the code of mod_auth_openidc, when uri.hostname is NULL, the hostname is not checked.
Like mod_auth_mellon, there is an Open Redirect.
static int oidc_handle_logout(request_rec *r, oidc_cfg *c,
oidc_session_t *session) {
〜
if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
const char *error_description = apr_psprintf(r->pool,
"Logout URL malformed: %s", url);
oidc_error(r, "%s", error_description);
return oidc_util_html_send_error(r, c->error_template,
"Malformed URL", error_description,
HTTP_INTERNAL_SERVER_ERROR);
I confirmed that Open Redirect occurs in v2.4.0.
Regards,
Norihito
The text was updated successfully, but these errors were encountered: