| Property | Value |
|---|---|
| Language | java |
| Severity | medium |
| CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Medium |

Description

The application redirects users to URLs specified by unvalidated user input, such as query parameters. This means attackers can supply their own URLs and cause users to be redirected to malicious or unintended sites.
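As an added illustration (not code from this rule page or from any project it covers), a servlet that hands the `next` query parameter straight to `sendRedirect()`, beside a hardened version that only honours same-site relative paths or an allowlisted host. The class names, the `next` parameter, the allowlist hosts and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Vulnerable: the "next" parameter flows unvalidated into sendRedirect(),
// so any URL supplied in the request becomes the redirect target (CWE-601).
class VulnerableRedirectServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.sendRedirect(req.getParameter("next"));
    }
}

// Hardened: redirect only to a local path or an allowlisted HTTPS host;
// everything else falls back to a fixed, safe location.
class SafeRedirectServlet extends HttpServlet {
    // Hypothetical allowlist; replace with the hosts the application actually owns.
    private static final Set<String> ALLOWED_HOSTS = Set.of("example.com", "www.example.com");
    private static final String DEFAULT_TARGET = "/";

    static String safeTarget(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(candidate); // malformed input (e.g. backslashes) throws and is rejected
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            // Relative reference: "//evil.example" parses with an authority, so it never reaches here.
            String path = uri.getPath();
            return (path != null && path.startsWith("/")) ? candidate : DEFAULT_TARGET;
        }
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
            return candidate;
        }
        return DEFAULT_TARGET; // unknown scheme or host: do not follow user-controlled target
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.sendRedirect(safeTarget(req.getParameter("next")));
    }
}
```

For a scanner, the pattern to flag is any `sendRedirect()` (or `Location` header set) whose argument is derived from request data without passing through a check like `safeTarget()`.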

Impact

If exploited, attackers can trick users into visiting phishing or malicious websites by crafting links that appear to come from your application. This can lead to credential theft, loss of user trust, or facilitate further attacks like session hijacking.