URL open redirect leads to phishing attacks #4061

Closed
@naivekun

Description

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

[x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

[x] I have searched the existing issues and I'm convinced that mine is new.

Describe the bug
The redirect URL on the login page was not filtered and can redirect the user to any website.
An attacker can send a URL like https://<FIREWALL_IP>/?url=http://phishing-site.com/ to a firewall user. If the user enters their credentials and logs in, they will be redirected to the malicious page.

To Reproduce
Steps to reproduce the behavior:

  1. Access https://<FIREWALL_IP>/?url=http://example.com
  2. Enter the credentials.
  3. The user is redirected to http://example.com

Environment
OPNsense 20.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019
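The mitigation for a report like this is to treat the `url` parameter as untrusted and only honour it when it points back to the same site. The block below is an added, illustrative example written for this page; it is not OPNsense code and does not show how the project fixed the issue. `SAFE_DEFAULT`, the allow-list argument and the sample inputs are assumptions made for the demo. It deliberately covers the variants that commonly slip past a naive "starts with `/`" check: scheme-relative `//host`, backslash forms that browsers normalise to `//`, `scheme:` prefixes, and leading control characters.

```python
"""Added example (not OPNsense code): validating a post-login redirect target.

A login page that forwards the browser to whatever ``?url=`` it was given is an
open redirect. The safe pattern is to accept only a same-site path (or a host on
an explicit allow-list) and otherwise fall back to a fixed landing page.
"""
from typing import FrozenSet, Optional
from urllib.parse import urlsplit, urlunsplit

SAFE_DEFAULT = "/index.php"  # assumed landing page used whenever validation fails


def vulnerable_redirect_target(candidate: Optional[str]) -> str:
    """The flawed behaviour described in the report: trust the parameter as-is."""
    return candidate or SAFE_DEFAULT


def safe_redirect_target(candidate: Optional[str],
                         allowed_hosts: FrozenSet[str] = frozenset()) -> str:
    """Return ``candidate`` only if it is a same-site path or an allow-listed
    https origin; return SAFE_DEFAULT for anything else.

    ``allowed_hosts`` is compared against the full netloc (host plus any port or
    userinfo), so ``https://good.example@evil.example`` does not match
    ``good.example``.
    """
    if not candidate:
        return SAFE_DEFAULT
    # Browsers strip some control characters and whitespace before parsing, so
    # "\t//evil" may be treated as "//evil"; reject them instead of guessing.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in candidate):
        return SAFE_DEFAULT
    # WHATWG URL parsing treats "\" like "/" for http(s), so "/\evil.example"
    # resolves to "//evil.example". Normalise before inspecting.
    normalised = candidate.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative reference: only an explicit https host
        # from the allow-list is acceptable; everything else is off-site.
        if parts.scheme == "https" and parts.netloc.lower() in allowed_hosts:
            return urlunsplit(parts)
        return SAFE_DEFAULT
    # Relative reference: require exactly one leading slash. "evil.example/x"
    # would resolve relative to the current page, and "///evil.example" is read
    # as a host by browsers even though urlsplit leaves netloc empty.
    if not normalised.startswith("/") or normalised.startswith("//"):
        return SAFE_DEFAULT
    return normalised


if __name__ == "__main__":
    # Constructed sample inputs, including the phishing-style value from the report.
    samples = [
        "http://phishing-site.com/",
        "//phishing-site.com/",
        "/\\phishing-site.com",
        "javascript:alert(1)",
        "\t//phishing-site.com",
        "///phishing-site.com",
        "/ui/diagnostics/log/core/system?x=1",
        "https://portal.example/",
    ]
    for value in samples:
        print(f"{value!r:45} vulnerable -> {vulnerable_redirect_target(value)!r:35} "
              f"safe -> {safe_redirect_target(value, frozenset({'portal.example'}))!r}")
```

Whichever server-side language the login handler is written in, the same shape applies: parse the parameter, refuse anything with a scheme or authority that is not explicitly allowed, and insist on a single leading slash for relative paths rather than pattern-matching the raw string.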

Labels: cleanup (Low impact changes)