URL Redirection to Untrusted Site (‘Open Redirect’)
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application redirects users to a URL taken from a query parameter without verifying that it is a safe, local address. This allows attackers to craft links on your domain that send users to arbitrary external websites.
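The pattern the rule flags, beside a hardened version, as an added example that is not part of the original rule page. It assumes ASP.NET Core MVC; the controller name, route paths and the `returnUrl` parameter are hypothetical.

```csharp
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller illustrating the flagged pattern and its fix.
public class AccountController : Controller
{
    // VULNERABLE: the redirect target comes straight from the query string.
    // A link such as /account/login-vulnerable?returnUrl=https://attacker.example
    // carries the user off-site while appearing to originate from this host.
    [HttpGet("/account/login-vulnerable")]
    public IActionResult LoginVulnerable(string returnUrl)
    {
        // ... authentication omitted ...
        return Redirect(returnUrl ?? "/");
    }

    // HARDENED: only honour the parameter when it is a local, relative path.
    // Url.IsLocalUrl accepts paths beginning with "/" or "~/" but rejects
    // absolute URLs, protocol-relative forms such as "//attacker.example",
    // and the "/\attacker.example" variant some browsers normalise to a host.
    [HttpGet("/account/login")]
    public IActionResult Login(string returnUrl)
    {
        // ... authentication omitted ...
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            // LocalRedirect throws if a non-local URL somehow reaches it,
            // so the check and the redirect are enforced together.
            return LocalRedirect(returnUrl);
        }

        // Untrusted or missing target: fall back to a fixed in-app route.
        return RedirectToAction("Index", "Home");
    }
}
```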
Impact
By exploiting this flaw, attackers can trick users into leaving your site for phishing pages or other harmful destinations, which can lead to credential theft, loss of user trust, and reputational damage to your organization.