[x] I have searched the existing issues and I'm convinced that mine is new.
Describe the bug
The redirect URL in the login page was not filtered and can redirect the user to any website.
Attackers can send a URL like https://<FIREWALL_IP>/?url=http://phishing-site.com/ to a firewall user. If the user enters the credentials and logs in, he will be redirected to the malicious page.
Another plausible payload is http://192.168.1.1/?url=http://csrf_token_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.hacker.com, which makes it easier to mislead the user. csrf_token_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX is a fake subdomain of hacker.com.
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
[x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
To Reproduce
Steps to reproduce the behavior:
https://<FIREWALL_IP>/?url=http://example.com
Environment
OPNsense 20.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019
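A defensive check of the kind this report calls for, added here as an example and not OPNsense's own code: the `url` parameter is only honoured when it is a plain path on the firewall's own web UI, so absolute URLs, protocol-relative `//host` forms and backslash variants fall back to a default page. Function names are assumed.

```python
from urllib.parse import urlsplit, unquote

# Assumed helper name; the real fix would live in the login handler.
def is_safe_redirect(target: str) -> bool:
    """Return True only for a relative path on the same host."""
    if not target:
        return False
    # Control characters can confuse header parsing; reject them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Decode once so percent-encoded slashes are judged after decoding.
    decoded = unquote(target)
    # Browsers treat backslashes as slashes; normalise before inspecting.
    normalised = decoded.replace("\\", "/")
    # Must start with exactly one slash: rejects "//evil" and "http://evil".
    if not normalised.startswith("/") or normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    # A scheme or host means an absolute URL, which is never acceptable.
    if parts.scheme or parts.netloc:
        return False
    return True


def safe_redirect_target(requested: str, default: str = "/") -> str:
    """Return the requested target if it is safe, otherwise the default."""
    return requested if is_safe_redirect(requested) else default


if __name__ == "__main__":
    # Constructed sample inputs, including the payload shapes from the report.
    samples = [
        "/ui/core/dashboard",
        "http://phishing-site.com/",
        "http://csrf_token_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.hacker.com",
        "//phishing-site.com/",
        "/\\phishing-site.com",
        "/%5C%5Cphishing-site.com",
    ]
    for s in samples:
        print(f"{s!r:70} -> {safe_redirect_target(s)!r}")
```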