Ravi Teja created SLING-3443:
--------------------------------
Summary: Parameter based redirection vulnerability in FormAuthenticationHandler
Key: SLING-3443
URL: https://issues.apache.org/jira/browse/SLING-3443
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Form Based Authentication 1.0.2
Reporter: Ravi Teja
Priority: Critical
Suppose your login URL is: http://blah/blah?resource=http://www.google.com
Then after login succeeds, the user would be redirected to http://www.google.com
Will be submitting a pull request for this.
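One way to validate the `resource` parameter before the post-login redirect, added here as an example; it is not code from Sling or from the reporter's pull request. The class name, the method name and the "/" fallback are assumptions; the check accepts only server-local paths and falls back for anything else.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example (hypothetical names): validates a post-login redirect target. */
public class RedirectTargetCheck {

    /** Returns resource if it is a server-local path, otherwise fallback. */
    static String safeTarget(String resource, String fallback) {
        if (resource == null || resource.isEmpty()) {
            return fallback;
        }
        // Must start with a single '/'. Browsers treat "//host" and "/\host"
        // as scheme-relative URLs, so those are rejected as well.
        if (resource.charAt(0) != '/' || resource.startsWith("//")
                || resource.contains("\\")) {
            return fallback;
        }
        // Control characters (CR, LF, tab) have no place in a redirect target.
        for (int i = 0; i < resource.length(); i++) {
            if (Character.isISOControl(resource.charAt(i))) {
                return fallback;
            }
        }
        try {
            URI uri = new URI(resource);
            // A local path parses with neither a scheme nor an authority.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return fallback;
            }
            return resource;
        } catch (URISyntaxException e) {
            return fallback; // unparseable input is never redirected to
        }
    }

    public static void main(String[] args) {
        String[] constructed = { // constructed sample inputs
            "/content/home.html",        // local path: kept
            "http://www.google.com",     // the case from this issue: rejected
            "//www.google.com",          // scheme-relative: rejected
            "/\\www.google.com",         // backslash variant: rejected
            null                         // missing parameter: fallback
        };
        for (String r : constructed) {
            System.out.println(r + " -> " + safeTarget(r, "/"));
        }
    }
}
```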