This repository was archived by the owner on Jan 28, 2020. It is now read-only.
Open Redirection issue #35
Closed
Description
Hello,
In IDP-initiated login for Mellon, the ReturnTo parameter could be really anything, and that gets added as relayState. Once the assertion is consumed, Mellon redirects to relayState arbitrarily. This leads to an Open Redirect security issue. Ideally, the redirection code should check if it's in the same domain. Can this be tracked?
For example,
https://host/admin/auth/login?ReturnTo=https://www.google.com&IdP=
will redirect to Google after a successful assertion. This could also lead to a phishing kind of attack.
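The check the report asks for, as an added example that is not part of this issue or of mod_auth_mellon's code: a validator that accepts a ReturnTo value only if it stays on the expected host and otherwise falls back to a fixed landing page. It assumes the host name `host` from the example URL above and a default landing path of `/` (both constructed for the example), and it normalizes an accepted value to a relative path so the redirect never echoes a caller-supplied authority. Protocol-relative (`//other`), backslash (`/\other`), credentials-in-authority (`host@other`), non-HTTPS and non-HTTP-scheme values are all rejected.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed for the example: the host serving the IdP-initiated login,
# and the landing page used whenever ReturnTo cannot be trusted.
EXPECTED_HOST = "host"
DEFAULT_RETURN = "/"


def safe_return_to(return_to, expected_host=EXPECTED_HOST, default=DEFAULT_RETURN):
    """Return a same-origin relative path for ReturnTo, or `default` if the
    value would send the browser anywhere else."""
    if not isinstance(return_to, str) or not return_to:
        return default
    # Control characters are rejected outright: browsers strip some of them,
    # which can turn a rejected value into an accepted one after the check.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in return_to):
        return default
    # Browsers treat '\' like '/' in URLs, so "/\evil" is really "//evil".
    candidate = return_to.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only HTTPS on the exact expected
        # host (no userinfo, no non-default port) is considered same-origin.
        if parts.scheme != "https":
            return default
        if (parts.hostname or "").lower() != expected_host.lower():
            return default
        if parts.username is not None or parts.password is not None:
            return default
        try:
            if parts.port not in (None, 443):
                return default
        except ValueError:  # malformed port such as "host:abc"
            return default

    path = parts.path or "/"
    # Only an absolute path on this site; "//..." would be protocol-relative.
    if not path.startswith("/") or path.startswith("//"):
        return default
    # Re-emit as a relative reference: path, query and fragment only.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample inputs, including the one from the report above.
    for value in ["https://www.google.com", "//evil.example/", "/\\evil.example",
                  "/admin/dashboard?tab=2", "https://host/admin/", "javascript:alert(1)"]:
        print(repr(value), "->", repr(safe_return_to(value)))
```

Apply the check at both ends: when ReturnTo is first copied into RelayState at login, and again just before the post-assertion redirect, since RelayState comes back from the IdP and must be treated as untrusted input at that point too.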