Information Leakage / Long Redirection Response
Long redirection response is an information leakage vulnerability that occurs in web and API applications. It is catalogued in the CWE directory as CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): a security issue in which an attacker uses a vulnerable web application to redirect users to an untrusted site, where their credentials or other sensitive data can be stolen. The vulnerability is commonly found in web applications that issue an open redirection response, that is, a redirect to a URL that is neither hard-coded nor validated by the application. The OWASP Testing Guide provides further guidance on how to test for this vulnerability.
Long redirection response can lead to serious consequences such as user credential theft, phishing attacks, spam, and delivery of malicious content. It can also expose a user's browser to malicious code. This vulnerability is rated high risk because of the potential for a malicious actor to gain access to user data.
To mitigate this vulnerability, organizations should ensure that all URLs used for redirection are hard-coded or validated by the application against an explicit allowlist. Web and API applications should never build a redirection response directly from user input. Additionally, organizations should use proper authentication and authorization mechanisms to ensure that only valid users can access the application.
The following example is taken from CVE-2018-20386. In this example, an open redirection vulnerability is present in a web application. The vulnerable code is written in Python:
    from werkzeug.utils import redirect
    from werkzeug.wrappers import Request

    # The view is renamed so that it no longer shadows the imported redirect()
    # helper (the original name would make the call below recurse into itself).
    @Request.application
    def open_redirect(request):
        # Vulnerable: the 'next' query parameter is passed to redirect() unvalidated
        if request.method == 'GET':
            return redirect(request.args.get('next'))
This code lets the user supply a URL as the "next" parameter of a GET request, and the application redirects the user to that URL without checking it. Because the value is never validated, an attacker can craft a link that sends the user through the trusted application to an untrusted site.
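A hardened counterpart to the handler above, added here as an example and not taken from the page or from the project behind CVE-2018-20386: safe_next_url() accepts only a same-origin relative path or an absolute http(s) URL whose host is on an allowlist, and returns a fixed default for anything else, so the view would call redirect(safe_next_url(request.args.get('next'))). The allowlisted host app.example.com and the default target "/" are constructed values.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only external hosts the application may redirect to.
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"


def safe_next_url(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return 'candidate' only if it keeps the user inside the application.

    Accepted: a relative path starting with a single '/' (not '//' or '/\\',
    which browsers treat as scheme-relative, i.e. external) or an absolute
    http(s) URL whose host is on the allowlist. Anything else, including a
    missing value, yields the fixed default.
    """
    if not candidate or not isinstance(candidate, str):
        return default
    # Reject control characters and spaces outright; browsers silently strip
    # some of them, which would let the parsed and the followed URL differ.
    if any(ord(c) < 0x21 for c in candidate):
        return default
    # Browsers accept backslashes as slashes in the authority part, so
    # normalise them before parsing to avoid "/\evil.example" bypasses.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) to an allowlisted host.
        if parts.scheme not in ("http", "https"):
            return default
        # .hostname drops userinfo and port, so "host@evil" cannot spoof the check.
        if parts.hostname not in allowed_hosts:
            return default
        return candidate
    # Relative URL: exactly one leading '/' keeps it on the current origin.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate
```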