
yahoo-eng-team team mailing list archive

[Bug 1039077] Re: [OSSA 2012-012] open redirect / phishing attack via "next" parameter


** Summary changed:

- open redirect / phishing attack via "next" parameter
+ [OSSA 2012-012] open redirect / phishing attack via "next" parameter

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Russell Bryant (russellb)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1039077

Title:
  [OSSA 2012-012] open redirect / phishing attack via "next" parameter

Status in OpenStack Dashboard (Horizon):
  Invalid
Status in OpenStack Dashboard (Horizon) essex series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “horizon” package in Ubuntu:
  Fix Released

Bug description:
  The "next" parameter is used here and there in the Dashboard.

  http://10.122.185.2/auth/login/?next=http://www.heise.de

  Redirects to www.heise.de.

  Instead of redirecting to heise, an attacker can redirect to a cloned Dashboard
  to steal information, a so-called phishing attack.

  CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
  http://cwe.mitre.org/data/definitions/601.html

  Folsom seems to be safe, but it affects Essex.

  https://github.com/gabrielhurley/django_openstack_auth/pull/7
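The check a hardened login view needs, as an added example that is not the django_openstack_auth fix linked above: a standalone validator for the "next" value, shown next to the unchecked pattern the report describes. The Dashboard host name and the query strings are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Host(s) the Dashboard is served from. Constructed value for this example;
# a real deployment would take this from its settings.
ALLOWED_HOSTS = {"dashboard.example.test"}


def redirect_target_unchecked(query_string, default="/"):
    """The pattern described in the report: the 'next' value is trusted as-is,
    so ?next=http://www.heise.de sends the user off-site after login."""
    return parse_qs(query_string).get("next", [default])[0]


def is_safe_redirect(next_url, allowed_hosts=ALLOWED_HOSTS):
    """True only if next_url stays on one of allowed_hosts.

    Accepts absolute paths ("/project/") and http(s) URLs whose netloc is an
    allowed host. Rejects other schemes, other hosts, protocol-relative forms
    ("//evil", "///evil"), backslashes (browsers treat "\\" like "/") and
    leading/trailing whitespace or control characters.
    """
    if not next_url or next_url != next_url.strip():
        return False
    if "\\" in next_url or any(ord(c) < 0x20 for c in next_url):
        return False
    parts = urlsplit(next_url)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False            # javascript:, data:, ftp:, ...
    if parts.netloc:
        # Exact match on the whole netloc, so userinfo ("host@other") or an
        # unexpected port cannot smuggle a different destination through.
        return parts.netloc.lower() in allowed_hosts
    if parts.scheme:
        return False            # "http:www.heise.de": scheme but no host
    # Relative reference: must be an absolute path and must not start with
    # "//" (urlsplit turns "///evil" into path "/evil"; browsers go to evil).
    return next_url.startswith("/") and not next_url.startswith("//")


def redirect_target_checked(query_string, default="/"):
    """Hardened variant: fall back to the default page when 'next' is unsafe."""
    candidate = parse_qs(query_string).get("next", [default])[0]
    return candidate if is_safe_redirect(candidate) else default
```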
