- Bug
- Resolution: Duplicate
- Critical
- None
- 5.4.11
- None
In MAGNOLIA-5991 the option to do a GET login with additional parameters was removed to avoid malicious links.
But there are valid use cases for redirects after login, and this was addressed in MAGNOLIA-6043 by introducing the mgnlReturnTo parameter. The problem with this generic parameter is that it allows any kind of malicious redirect and also invalidates MAGNOLIA-5991.
Example link: http://localhost:8080/konto?mgnlReturnTo=http%3A%2F%2Fexample.com%2Fnext
More on the topic: https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Discovering-Open-Redirect-Vulnerabilities/
A solution would be to keep the support for mgnlReturnTo but maintain a whitelist of allowed URLs and parameter names.
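Added example of the proposed whitelist check (not Magnolia's code and not attached to this ticket), written in Java since that is what a LoginFilter would be implemented in. The class name ReturnToValidator, the allowed host list and the sample inputs are assumptions; the method expects the already URL-decoded parameter value, i.e. what a servlet filter gets back from getParameter("mgnlReturnTo").

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Allow-list check for a post-login return URL such as mgnlReturnTo.
 * Only a same-site absolute path, or an http(s) URL whose host is on the
 * allow-list, is kept; everything else is replaced by a fixed landing page.
 */
public final class ReturnToValidator {

    private final Set<String> allowedHosts; // lower-case host names (constructed sample values)
    private final String fallback;          // where to send the user when the value is rejected

    public ReturnToValidator(Set<String> allowedHosts, String fallback) {
        this.allowedHosts = allowedHosts;
        this.fallback = fallback;
    }

    /** Returns the candidate if it passes every check, otherwise the fallback. */
    public String sanitize(String candidate) {
        if (candidate == null || candidate.trim().isEmpty()) {
            return fallback;
        }
        String value = candidate.trim();
        final URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            // Backslashes, control characters, unbalanced brackets: reject rather than guess.
            return fallback;
        }
        if (uri.isOpaque()) {
            // "javascript:...", "data:..." and "http:evil.example" all parse as opaque URIs.
            return fallback;
        }
        String scheme = uri.getScheme();
        if (scheme != null && !scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return fallback;
        }
        if (uri.getRawAuthority() != null) {
            // Absolute or protocol-relative ("//host/...") URL: host must match the allow-list exactly.
            String host = uri.getHost();
            if (host == null || uri.getRawUserInfo() != null) {
                return fallback; // unparsable host, or a "trusted@evil" userinfo trick
            }
            return allowedHosts.contains(host.toLowerCase(Locale.ROOT)) ? value : fallback;
        }
        // No authority at all: accept only an absolute path on this site.
        String path = uri.getRawPath();
        if (path == null || !path.startsWith("/")) {
            return fallback;
        }
        return value;
    }

    // Constructed sample inputs showing which shapes are kept and which fall back.
    public static void main(String[] args) {
        ReturnToValidator v = new ReturnToValidator(Set.of("localhost", "www.example.org"), "/");
        String[] samples = {
            "/konto/overview?tab=1",                  // same-site path: kept
            "http://localhost:8080/konto",            // allow-listed host: kept
            "http://example.com/next",                // the ticket's example target: rejected
            "//evil.example/phish",                   // protocol-relative URL: rejected
            "/\\evil.example/phish",                  // backslash variant: rejected (URISyntaxException)
            "http://www.example.org@evil.example/",   // userinfo trick: rejected
            "https://www.example.org.evil.example/",  // suffix trick: rejected
            "javascript:alert(1)",                    // non-http scheme: rejected
        };
        for (String s : samples) {
            System.out.printf("%-42s -> %s%n", s, v.sanitize(s));
        }
    }
}
```

The host comparison is exact, so subdomains or look-alike suffixes are not accepted unless listed; the port is deliberately not compared here and would have to be added if the deployment needs it. Restricting which query parameter names may appear in the return URL, the second half of the proposal, can be layered on top by inspecting uri.getRawQuery() before returning the value.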
- caused by MAGNOLIA-6043 LoginFilter: Allow dynamic redirects after authentication (Closed)