Hi,

We recently commissioned a third-party security audit of our application, and one of the findings was this:

Cross-Site Redirection (Medium Impact, Moderate Difficulty in exploiting)

If one pastes this string into the browser

https://cas.mydomain.com/cas/login?TARGET=https://yahoo.com

then, after authentication, the browser is redirected without complaint to yahoo.com.

The report said in detail:

"The application was found to take a URL as a parameter to determine where to direct the user. <Consultant> found that this URL can be any value, allowing an attacker to insert a malicious URL that can be used to redirect to an external site before or after authentication. A link to the login page containing this URL could therefore be created, which can then be sent to a victim (e.g. as an email phishing attack). When the victim accesses this link, they are initially sent to the valid site. After authentication they can be redirected to a third-party site without their knowledge. This second site could be under the control of an attacker, and perform such actions as re-requesting their authentication details and performing a man-in-the-middle attack between the victim and the client's site, ultimately giving the attacker authenticated access to the application."

My questions are:

1. Is this a security hole in CAS as suggested by the security auditor?
2. Is there a workaround that we can implement?

Regards,
Ganesh

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/099ee631-39d7-4d6a-b559-5e11a5f32467%40apereo.org.
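The control that closes a finding like this is an allow-list of registered service URLs checked before any redirect, which is the idea behind CAS's service registry of pattern-matched service IDs. The following is an added example written for this thread, not CAS code and not the poster's; the hostnames and service patterns are constructed, and it contrasts the unchecked behaviour the audit describes with a fail-closed check that also covers the usual parser-confusion inputs.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list in the spirit of a CAS service registry: each entry is a
# regular expression that an acceptable redirect target must match in full.
# These patterns and hosts are assumptions for the example, not a real registry.
ALLOWED_SERVICE_PATTERNS = [
    re.compile(r"^https://app\.mydomain\.com(/.*)?$"),
    re.compile(r"^https://portal\.mydomain\.com/secure(/.*)?$"),
]


def redirect_target_unchecked(target: str) -> str:
    """The behaviour the audit reports: whatever value arrives is used verbatim."""
    return target


def redirect_target_checked(target: str) -> Optional[str]:
    """Return the target only if it is a registered service, otherwise None.

    The caller treats None as "send the user to a fixed safe landing page".
    Parsing with urlsplit first, then matching the reassembled URL, rejects the
    inputs that a regex applied to the raw string tends to let through:
    scheme-relative '//host', userinfo ('@') tricks, backslashes and control
    characters, and look-alike hosts such as app.mydomain.com.evil.example.
    """
    if not target or any(c in target for c in "\\\r\n\t"):
        return None
    parts = urlsplit(target)
    if parts.scheme != "https" or not parts.netloc or "@" in parts.netloc:
        return None
    # Normalise before matching: lower-case host, explicit root path, no fragment.
    normalised = f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}"
    if parts.query:
        normalised += "?" + parts.query
    if any(p.match(normalised) for p in ALLOWED_SERVICE_PATTERNS):
        return target
    return None


def safe_redirect(target: str, fallback: str = "https://cas.mydomain.com/cas/login") -> str:
    """Resolve the final redirect: the registered service or the fixed fallback."""
    return redirect_target_checked(target) or fallback
```

A rejected target should also be logged with the requesting client address, since a burst of unregistered service URLs on the login endpoint is the detectable footprint of someone probing for exactly this finding.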
