@gabriel: could you get another horizon-core dev to review this so that we can consider it pre-approved (and ready to be fast-tracked into review when the embargo ends)? Just subscribe that person to the bug to give him access.
Proposed impact description, please validate:
Title: Open redirect through 'next' parameter
Impact: Medium
Reporter: Thomas Biege (SUSE)
Products: Horizon
Affects: Essex
Description:
Thomas Biege from SUSE reported a vulnerability in the Horizon authentication mechanism. By adding a malicious 'next' parameter to a Horizon authentication URL and enticing an unsuspecting user to follow it, the victim might get redirected after authentication to a malicious site where useful information could be extracted from him. Only setups running Essex are affected.
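A defensive check for the post-login 'next' redirect described above, added here as an example; it is not part of the original comment and is not Horizon's actual fix. The function names, the host `dashboard.example` and the sample values are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed assumption: the only host this deployment serves the dashboard from.
ALLOWED_HOSTS = {"dashboard.example"}


def is_safe_next(target, allowed_hosts):
    """Return True only if following `target` keeps the user on an allowed host."""
    if not target:
        return False
    target = target.strip()
    # Browsers treat "\" like "/" and may drop control characters, so
    # "/\host" or "/<TAB>/host" can end up as a protocol-relative URL.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    # "///host" is parsed as a path here but as a host by some browsers.
    if target.startswith("///"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return False
    if not parts.scheme and not parts.netloc:
        # Purely relative target: accept only an absolute path on this site.
        return target.startswith("/")
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # rejects javascript:, data:, and similar schemes
    # .hostname drops userinfo and port, so "allowed@other-host" is judged
    # by the host the browser would really connect to.
    return parts.hostname is not None and parts.hostname in allowed_hosts


def resolve_next(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Redirect target to use after login: the validated value or `default`."""
    return target.strip() if is_safe_next(target, allowed_hosts) else default


if __name__ == "__main__":
    # Constructed sample values for the 'next' parameter.
    for value in ["/project/", "https://dashboard.example/project/",
                  "https://attacker.example/", "//attacker.example/x",
                  "/\\attacker.example", "javascript:alert(1)",
                  "https://dashboard.example@attacker.example/"]:
        print(f"{value!r:50} -> {resolve_next(value)!r}")
```

Falling back to a fixed default instead of returning an error keeps the login flow working while discarding any target that leaves the site.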