This repository has been archived by the owner on Jul 20, 2023. It is now read-only.

Login redirect doesn't verify redirect is local #109

Closed
feistjj opened this issue Feb 4, 2020 · 1 comment

Comments

@feistjj
Member

feistjj commented Feb 4, 2020

$window.location.href = next;

This can be used to redirect a user anywhere given a bad link; it should first check that the redirect is local to the current host.

@gtmills
Member

gtmills commented Feb 10, 2020

jmbills pushed a commit to Intel-BMC/phosphor-webui that referenced this issue Feb 27, 2020
Currently we don't protect against forwarding to remote
url, so things like:

https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com

can be used to forward an unsuspecting user to a different
url. This fixes that issue.

Tested: Local redirects still work, above link does not

Closes openbmc#109

Change-Id: I4d6c52880156802860f405af43037fb84235912f
Signed-off-by: James Feist <james.feist@linux.intel.com>
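One way to implement the check the issue asks for and the commit above describes, as an added example in plain JavaScript that is not phosphor-webui's own code: resolve the `next` value against the current origin with the WHATWG `URL` parser and only follow it when the resulting origin is unchanged. The host `bmc.example`, the origin parameter (passed in explicitly instead of reading `window.location.origin`, so the logic runs outside a browser) and the sample `next` values are assumptions made for the example.

```javascript
// Added example (not phosphor-webui code): validate a login "next" parameter
// before it is assigned to window.location.href, so that only same-origin
// targets are followed. `currentOrigin` is passed in explicitly so the logic
// can run outside a browser; in page code it would be window.location.origin.

function isLocalRedirect(next, currentOrigin) {
  if (typeof next !== 'string' || next.trim() === '') {
    return false;
  }
  let target;
  try {
    // Resolve relative to the current origin. Absolute URLs, protocol-relative
    // "//host" forms, backslash variants and non-http schemes all resolve to a
    // different origin (or to the opaque origin "null") and fail the comparison.
    target = new URL(next, currentOrigin);
  } catch (e) {
    return false; // unparseable input is never a valid redirect target
  }
  // Compare the full origin (scheme + host + port), not just the hostname,
  // so an "http://<same-host>/..." target is rejected for an https session too.
  return target.origin === new URL(currentOrigin).origin;
}

// Returns a same-origin relative target (path + query + fragment) that is safe
// to assign to window.location.href, or `fallback` when `next` is not local.
function resolveRedirect(next, currentOrigin, fallback) {
  if (!isLocalRedirect(next, currentOrigin)) {
    return fallback;
  }
  const target = new URL(next, currentOrigin);
  return target.pathname + target.search + target.hash;
}

// Constructed sample inputs (hypothetical host "bmc.example"). The first two
// mirror legitimate hash-router targets; the rest are shapes that would leave
// the current origin and must be refused.
const SAMPLE_ORIGIN = 'https://bmc.example';
const SAMPLE_NEXT_VALUES = [
  '/overview',
  '#/overview',
  'http://yahoo.com',              // the case from the issue, URL-decoded
  '//yahoo.com',                   // protocol-relative
  '/\\yahoo.com',                  // backslash treated as slash by the parser
  'https://bmc.example@yahoo.com/', // userinfo that looks like the BMC host
  'javascript:void(0)',            // non-http scheme, origin "null"
];

function classifySamples() {
  return SAMPLE_NEXT_VALUES.map((next) => ({
    next,
    local: isLocalRedirect(next, SAMPLE_ORIGIN),
    redirectTo: resolveRedirect(next, SAMPLE_ORIGIN, '/'),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(classifySamples());
}
```

In the login controller this replaces a bare `$window.location.href = next;` with `$window.location.href = resolveRedirect(next, $window.location.origin, '/');`, so an unrecognised or remote `next` lands on the local default route instead of being followed.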