Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Open redirect vulnerability on 2FA #4307
This bug was submitted via a Bug Bounty program my company has, and I'd love to hear your thoughts on it
During the login process when the victim has entered his/her password and is then redirected to the page where he/she is told to enter his 2FA Code at this point the attacker will send a crafted link "https://try.gitea.io/user/login?redirect_to=//google.com/"
This crafted link will send this to same page he/she was viewing before and he/she will think it is a legitimate page is being loaded from "try.gitea.io"
Now they will enter there 2FA code there and will then be redirected on google.com or any other web page the attacker wants.
More info about open redirect vulnerabilities and why they're a problem:
You must have 2FA enabled on your account.