Closed (phavekes closed this issue 1 month ago)
This issue is imported from pivotal
It's possible to manipulate the service name displayed in the login screen by altering the GET parameters of the HTTP request. This could lead to misleading users.
e.g.: https://login.test.eduid.nl/login/d072802c-338f-45ef-b2e8-102c690b0efe?name=Belastingdienst&stepup=true
(Peter Havekes - Apr 30, 2021)
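As an added example (not part of the original issue and not eduID's own code): one way to close this is to take the displayed service name from server-side state keyed by the request id in the path and to ignore the `name` query parameter, while flagging a mismatch for logging. The `authRequests` store, the `resolveLoginContext` function and the registered name "Example Wiki" are assumptions made for illustration.

```javascript
// Added example. All identifiers here are hypothetical, not from the eduID code base.

// Constructed server-side store: authentication request id -> data the
// requesting service registered when it started the login flow.
const authRequests = new Map([
  ["d072802c-338f-45ef-b2e8-102c690b0efe", { serviceName: "Example Wiki" }],
]);

const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Decide what the login screen may display for a given login URL.
// The name always comes from the store; the query string is only compared
// against it so that a mismatch can be logged.
function resolveLoginContext(loginUrl, store = authRequests) {
  let url;
  try {
    url = new URL(loginUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }

  const match = url.pathname.match(/^\/login\/([^/]+)$/);
  if (!match || !UUID_RE.test(match[1])) {
    return { ok: false, reason: "malformed request id" };
  }

  const record = store.get(match[1].toLowerCase());
  if (!record) {
    // No registered request: show nothing rather than a caller-supplied name.
    return { ok: false, reason: "unknown request id" };
  }

  const claimed = url.searchParams.get("name");
  return {
    ok: true,
    serviceName: record.serviceName, // never the query value
    tampered: claimed !== null && claimed !== record.serviceName,
  };
}
```
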