Closed
Description
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
[x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[x] I have searched the existing issues and I'm convinced that mine is new.
Describe the bug
The redirect URL on the login page is not filtered and can redirect the user to any website.
An attacker can send a URL like https://<FIREWALL_IP>/?url=http://phishing-site.com/ to a firewall user. If the user enters their credentials and logs in, they will be redirected to the malicious page.
To Reproduce
Steps to reproduce the behavior:
- Access https://<FIREWALL_IP>/?url=http://example.com
- Enter the credentials.
- The user is redirected to http://example.com
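As an added illustration (not OPNsense's own code), this is the kind of check a login handler can apply to the `url` parameter before issuing the redirect: accept only a path on the firewall's own origin and fall back to a default page otherwise. The function names and the default `/` landing page are assumptions for this example.

```python
from urllib.parse import urlsplit, unquote


def is_safe_redirect(url: str) -> bool:
    """Return True only for a relative path on this host, e.g. "/ui/diagnostics/log".

    Rejects absolute URLs (http://evil.example), protocol-relative URLs
    (//evil.example), scheme tricks (javascript:...), backslash variants
    (/\\evil.example, which some browsers treat like //) and control characters.
    """
    if not url:
        return False
    # Decode once so a percent-encoded "//" or CR/LF cannot slip past the checks.
    candidate = unquote(url)
    # Control characters could split the Location header (header injection).
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    # Must be an absolute path on this origin and must not start with // or /\.
    if not candidate.startswith("/") or candidate[1:2] in ("/", "\\"):
        return False
    parts = urlsplit(candidate)
    # Any scheme or host component means the browser would leave this origin.
    if parts.scheme or parts.netloc:
        return False
    return True


def pick_redirect(requested: str, default: str = "/") -> str:
    """Return the requested target if it passes validation, else the default page."""
    return requested if is_safe_redirect(requested) else default


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate post-login targets.
    for sample in ("/ui/diagnostics/log", "/?foo=bar", "http://example.com",
                   "//example.com/", "/\\example.com", "javascript:alert(1)"):
        print(f"{sample!r:32} -> {pick_redirect(sample)!r}")
```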
Environment
OPNsense 20.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019