Hi Ganesh,

 

when I submit “/login?TARGET=https://yahoo.com” to our cas v5.2, I get an 
“application not authorized” error, so no redirection is happening.

 

Maybe it’s a hole resulting from your service definitions?

 

Regards,

Arnold

 

From: [email protected] [mailto:[email protected]] On behalf of Ganesh 
Prasad
Sent: Thursday, 27 September 2018 08:31
To: CAS Community <[email protected]>
Subject: [cas-user] TARGET URL parameter associated with samlValidate can be 
misused to redirect to malicious sites (?)

 

Hi,

 

We recently commissioned a third-party security audit of our application, and 
one of the findings was this:

 

Cross-Site Redirection (Medium Impact, Moderate Difficulty in exploiting)

 

If one pastes this string into the browser
https://cas.mydomain.com/cas/login?TARGET=https://yahoo.com

 

then, after authentication, the browser is redirected without complaint to 
yahoo.com.

 

The report said in detail:

 

"The application was found to take a URL as a parameter to determine where to 
direct the user. <Consultant> found that this URL can be any value allowing an 
attacker to insert a malicious URL that can be used to redirect to an external 
site before or after authentication.

A link to the login page, containing this URL could therefore be created, which 
can then be sent to a victim (e.g. as an email phishing attack). When the 
victim accesses this link, they are initially sent to the valid site. After 
authentication they can be redirected to a third party site without their 
knowledge.

This second site could be under the control of an attacker, and perform such 
actions as re-requesting their authentication details and performing a 
man-in-the-middle attack between the victim and the client's site, ultimately 
giving the attacker authenticated access to the application."

 

My questions are:

1. Is this a security hole in CAS as suggested by the security auditor?

2. Is there a workaround that we can implement?

 

Regards,

Ganesh

 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/099ee631-39d7-4d6a-b559-5e11a5f32467%40apereo.org.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6a9f654bad24d1b92f5cb740cf90cac%40hrz.tu-darmstadt.de.
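The check Arnold points at, the service-registry lookup that decides whether a service or TARGET URL is authorized before CAS redirects to it, as an added example that is not part of this thread and not CAS's own code: a small Python model of CAS's JSON service-registry matching. It embeds three constructed registry entries, the well-known catch-all "HTTPS and IMAPS" pattern `^(https|imaps)://.*` that makes any https URL an authorized service, a hypothetical locked-down entry for an assumed application host app.mydomain.com, and a hypothetical entry for the same host whose pattern is not anchored at the end, to show the host-suffix bypass that mistake allows. The hostnames and the evil.example domain are assumptions; the matcher approximates CAS's regex handling rather than reproducing it.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed registry entries in the JSON format CAS 5.x uses for
# RegexRegisteredService. The "HTTPS and IMAPS" pattern is the well-known
# catch-all; the other two entries are hypothetical.
OPEN_REGISTRY = json.loads(r"""[
  {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^(https|imaps)://.*",
    "name": "HTTPS and IMAPS",
    "id": 10000001,
    "evaluationOrder": 10000
  }
]""")

# Hypothetical tightened entry: exact host, then either end of string or a path.
LOCKED_REGISTRY = json.loads(r"""[
  {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^https://app\\.mydomain\\.com(/.*)?$",
    "name": "MyApp (hypothetical)",
    "id": 10000002,
    "evaluationOrder": 10
  }
]""")

# Same host, but the pattern stops after the host name and is not anchored at
# the end, so "https://app.mydomain.com.evil.example/" still matches.
SLOPPY_REGISTRY = json.loads(r"""[
  {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^https://app\\.mydomain\\.com",
    "name": "MyApp, unanchored (hypothetical)",
    "id": 10000003,
    "evaluationOrder": 10
  }
]""")


def find_service(registry, service_url):
    """Return the first entry whose serviceId pattern matches service_url,
    trying entries in evaluationOrder, or None. re.search approximates a Java
    Pattern find(); anchor your own patterns with ^ and $ rather than relying
    on the matcher to do it for you."""
    for entry in sorted(registry, key=lambda e: e["evaluationOrder"]):
        if re.search(entry["serviceId"], service_url):
            return entry
    return None


def post_login_redirect(registry, login_url):
    """Model what /cas/login does with the service (CAS protocol) or TARGET
    (SAML 1.1) parameter: the URL the browser is sent to after authentication,
    or None when CAS would instead show 'application not authorized'."""
    params = parse_qs(urlsplit(login_url).query)
    target = (params.get("service") or params.get("TARGET") or [None])[0]
    if target is None:
        return None  # no service parameter at all: plain login page, no redirect
    return target if find_service(registry, target) else None


if __name__ == "__main__":
    phishing_link = "https://cas.mydomain.com/cas/login?TARGET=https://yahoo.com"
    for name, registry in [("open", OPEN_REGISTRY), ("locked", LOCKED_REGISTRY)]:
        print(name, "->", post_login_redirect(registry, phishing_link))
```

With the catch-all entry the phishing link from the audit report resolves to https://yahoo.com, which is the behaviour Ganesh describes; with the locked-down entry it resolves to None, which is the "application not authorized" outcome Arnold sees. The third entry is the caveat: a pattern that matches the host but is not anchored at the end authorizes any host that merely starts with the intended name.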
