Authentication Platform, Open Redirect Vulnerability, CVE-2023-XXXXX (Medium)

Listen to this Post

An Open Redirect vulnerability exists due to insufficient validation of the `return` parameter within the OAuth authentication flow’s login initialization endpoint (/oauth/authorize). An attacker can craft a malicious authentication request link containing a fully-qualified external URL for the `return` parameter. When a victim clicks this link and completes the OAuth consent screen, the application’s backend fails to validate that the `return_to` value is a relative path or a whitelisted domain. Consequently, the server blindly issues a 302 redirect to the attacker-controlled URL specified in the parameter, sending the user and their newly obtained authorization code or session token to a malicious site.
Platform: Authentication Platform
Version: < v2.1.2
Vulnerability: Open Redirect
Severity: Medium
Date: 2023-10-15

Prediction: 2023-10-22

What Undercode Say:

Check current version

curl -s https://api.example.com/version | jq .version

Test for vulnerability (replace DOMAIN)

curl -I “https://TARGET/oauth/authorize?client_id=CLIENT&return=https://evil.com”

Example fix validation (pseudo-code)

if not return_url.startswith(‘/’) or return_url.domain not in ALLOWED_DOMAINS:

raise InvalidRedirectError()

How Exploit:

https://target.com/oauth/authorize?client_id=legit_app&return=https://phishing.com/steal

Protection from this CVE:

Update to v2.1.2

Validate redirect URLs

Use allowlist for domains

Impact:

Phishing attacks

Credential leakage

Reputational damage

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top