Comment 4 for bug 1039077
Revision history for this message
| Thierry Carrez (ttx) wrote Re: open redirect / phishing attack via "next" parameter | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
@gabriel: could you get another horizon-core dev to review this so that we can consider it pre-approved (and ready to be fast-tracked into review when the embargo ends ?) Just subscribe that person to the bug to give him access.
Proposed impact description, please validate:
Title: Open redirect through 'next' parameter
Impact: Medium
Reporter: Thomas Biege (SUSE)
Products: Horizon
Affects: Essex
Description:
Thomas Biege from SUSE reported a vulnerability in Horizon authentication mechanism. By adding a malicious 'next' parameter to a Horizon authentication URL and enticing an unsuspecting user to follow it, the victim might get redirected after authentication to a malicious site where useful information could be extracted from him. Only setups running Essex are affected.