Open Redirect

Description

Open Redirect is a vulnerability that occurs when a web application lets an attacker control where users are redirected, so that a link on the legitimate site sends them to an untrusted external one. Attackers exploit it to lure users onto malicious websites by leveraging the trust users place in the original, legitimate domain that appears in the link.

Remediation

To prevent Open Redirect vulnerabilities, avoid using user-controlled input to build redirect destinations. Where a dynamic destination is unavoidable, use a whitelist of allowed destination URLs or require strict validation of the destination URL before redirecting. Additionally, consider implementing a confirmation step where users must explicitly confirm that they want to proceed to an external link.
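As an added illustration of the validation step above (example code, not part of this entry or of any particular framework), the function below accepts a redirect target only if it is a local path or an https URL whose host is on a constructed allowlist; everything else falls back to a safe default. The allowed hosts and the https-only policy are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example (assumption): hosts this app may redirect to.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `target` if it is a safe redirect destination, else `default`.

    Accepted: a local path beginning with a single "/" or an https URL whose
    hostname is in `allowed_hosts`. Rejected: protocol-relative "//host" paths,
    backslash variants, non-https schemes (javascript:, data:, http:), userinfo
    tricks such as "https://trusted@evil", lookalike hosts and control characters.
    """
    if not isinstance(target, str) or not target:
        return default
    # Whitespace and control characters are often used to smuggle a scheme past naive checks.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return default
    # Some browsers treat "/\evil" like "//evil", so backslashes are rejected outright.
    if "\\" in target:
        return default
    # Local path: exactly one leading slash. "//host" and "///host" are network-path references.
    if target.startswith("/"):
        return target if not target.startswith("//") else default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    # Policy for this example: only absolute https URLs are eligible (assumption).
    if parts.scheme.lower() != "https":
        return default
    # "https://app.example.com@evil.example/" parses with hostname evil.example; reject userinfo.
    if parts.username is not None or parts.password is not None:
        return default
    host = parts.hostname or ""  # .hostname is already lowercased by urlsplit
    # Exact host match only: "app.example.com.evil.example" must not pass a prefix check.
    if host not in allowed_hosts:
        return default
    return target


if __name__ == "__main__":
    # Constructed sample inputs a "next" parameter might carry.
    for t in ["/account?tab=1", "//evil.example/", "javascript:alert(1)",
              "https://app.example.com/x", "https://app.example.com@evil.example/"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)!r}")
```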

References

https://owasp.org/www-community/attacks/Open_redirect

Severity

MEDIUM

OWASP

Code: A05:2021

Category: Security Misconfiguration

Classification

CWE: CWE-601

CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS v3.1 score: 4.3

CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS v4.0 score: 4.3