Closed tuxwielder closed 6 months ago
What bad thing will happen as a result of this so-called vulnerability? None of HotCRP's cookies or private information will be passed to bing.
More specifically, in a classical open-redirect vulnerability, the site redirects to an external SPOOF login page which can steal user credentials. In HotCRP the redirection is happening after signin. I guess the idea is the user might enter their signin credentials again or something?
Hi Eddie,
I'll cite the reporter:
"Impact: One of the main uses for this vulnerability is to make phishing attacks more credible and effective. When an Open Redirect is used in a phishing attack, the victim receives an email that looks legitimate with a link that points to a correct and expected domain. For more info, refer to https://cwe.mitre.org/data/definitions/601.html"
With kind regards,
Jeroen
On 14/12/2023 15:47, Eddie Kohler wrote:
More specifically, in a classical open-redirect vulnerability, the site redirects to an external SPOOF login page which can steal user credentials. In HotCRP the redirection is happening /after/ signin. I guess the idea is the user might enter their signin credentials again or something?
https://github.com/kohler/hotcrp/issues/330#issuecomment-1855985791
--
CERT-UvA -- CERT University of Amsterdam
Jeroen Roodhart
email: @.***
https://extranet.uva.nl/en/content/a-z/cert-uva/cert-uva.html
phone: +31 20 525 3322 (attended 24/7)
This is addressed in a80cfebf95c5220d5d0c54b0d4498c8124f8277c and prior commits, thanks for reporting it.
Through our responsible disclosure program we were alerted to an open redirect vulnerability on our HotCRP instance. This issue is also present in the upstream test environment. When logged in, the following redirect is successful:
https://test.hotcrp.com/signin?redirect=https://bing.com
Seems like an issue that needs hardening.
With kind regards,
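The hardening the report asks for comes down to one rule: a post-signin `redirect` value may only ever produce a same-origin target. The following is an added example written for this thread, not HotCRP's own code or its fix; it is in Python rather than the project's PHP so that it can be run as-is. It assumes a hypothetical application host `APP_HOST` (set to the test instance named in the report) and uses constructed access-log lines. `check_redirect` rewrites any value into a path-only target, rejecting foreign hosts, scheme-relative `//host` forms, the backslash variant browsers fold into a slash, userinfo tricks and non-http(s) schemes; `flag_offsite_redirects` reuses the same check to surface off-site targets in logs, which is what a phishing campaign abusing the parameter looks like from the server side.

```python
# Added example, not HotCRP's code: validate a post-signin "redirect" parameter
# so it can only send the browser back into the application's own origin,
# then use the same check to flag off-site targets in (constructed) access logs.
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

APP_HOST = "test.hotcrp.com"   # assumption: the host the application is served from
DEFAULT_TARGET = "/"           # where to land when the requested target is rejected


def check_redirect(raw, app_host=APP_HOST):
    """Return (accepted, target) for a user-supplied redirect value.

    The returned target is always a path-only URL ("/paper?id=12"), so a
    302 Location built from it stays on the current origin by construction.
    Foreign hosts, scheme-relative URLs ("//bing.com"), backslash variants,
    userinfo tricks ("https://app@evil") and non-http(s) schemes are rejected.
    """
    if raw is None:
        return False, DEFAULT_TARGET
    # Drop whitespace and control characters that some URL parsers ignore.
    candidate = "".join(ch for ch in raw.strip() if ch.isprintable())
    # Browsers treat "\" as "/" in URLs; normalise so "/\evil" is seen as "//evil".
    candidate = candidate.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:                 # e.g. malformed IPv6 bracket syntax
        return False, DEFAULT_TARGET
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False, DEFAULT_TARGET   # javascript:, data:, ...
    if parts.netloc:
        # Absolute or scheme-relative URL: only our own host, with no userinfo.
        if parts.hostname != app_host or parts.username is not None:
            return False, DEFAULT_TARGET
    path = parts.path or "/"
    # A path of "//evil.com" would become a scheme-relative Location header.
    if not path.startswith("/") or path.startswith("//"):
        return False, DEFAULT_TARGET
    target = urlunsplit(("", "", path, parts.query, parts.fragment))
    return True, target


def safe_redirect_target(raw, app_host=APP_HOST):
    """Convenience wrapper: the target to actually redirect to."""
    return check_redirect(raw, app_host)[1]


def flag_offsite_redirects(log_lines, app_host=APP_HOST):
    """Return (line_number, raw_redirect) for /signin requests whose redirect
    parameter check_redirect would reject."""
    flagged = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if not req.path.endswith("/signin"):
            continue
        for raw in parse_qs(req.query, keep_blank_values=True).get("redirect", []):
            accepted, _ = check_redirect(raw, app_host)
            if not accepted:
                flagged.append((n, raw))
    return flagged


# Constructed access-log lines (combined format); not from any real server.
SAMPLE_LOG = [
    '198.51.100.4 - - [14/Dec/2023:15:47:01 +0000] "GET /signin?redirect=/paper?id=12 HTTP/1.1" 302 0',
    '198.51.100.4 - - [14/Dec/2023:15:47:09 +0000] "GET /signin?redirect=https://bing.com HTTP/1.1" 302 0',
    '203.0.113.9 - - [14/Dec/2023:15:48:30 +0000] "GET /signin?redirect=%2F%5Cbing.com HTTP/1.1" 302 0',
    '203.0.113.9 - - [14/Dec/2023:15:49:02 +0000] "GET /paper?id=12 HTTP/1.1" 200 5123',
]

if __name__ == "__main__":
    for raw in ["/paper?id=12", "https://bing.com", "//bing.com", "/\\bing.com",
                "https://test.hotcrp.com@bing.com/", "javascript:alert(1)",
                "https://test.hotcrp.com/profile"]:
        print(f"{raw!r:40} -> {check_redirect(raw)}")
    for n, raw in flag_offsite_redirects(SAMPLE_LOG):
        print(f"log line {n}: off-site redirect target {raw!r}")
```

The design choice worth noting is that the accepted value is never echoed back as given: even when the host matches, only the path, query and fragment survive, so the Location header cannot carry a host at all and the host comparison is defence in depth rather than the only line.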