URL Redirection to Untrusted Site (‘Open Redirect’)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application redirects users to a URL taken directly from user input without validating or restricting the destination. An attacker can craft links that use your application's redirect feature to send users to malicious external sites.
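The vulnerable pattern and one hardened form, as an added example that is not code from the rule's source. The `next` request parameter, the allow-listed host `app.example.com`, and the sample inputs in `main` are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class SafeRedirect {
    // Assumed allow-list of hosts the application may redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");
    private static final String DEFAULT_TARGET = "/";

    // Vulnerable pattern (CWE-601): the user-controlled value goes straight to the redirect.
    //   response.sendRedirect(request.getParameter("next"));
    // Hardened usage: response.sendRedirect(resolveTarget(request.getParameter("next")));

    public static String resolveTarget(String next) {
        if (next == null || next.isBlank()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(next);
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // malformed input (including backslash tricks) is rejected
        }
        if (uri.isAbsolute()) {
            // Absolute URL: require https and an allow-listed host. Using getHost() also
            // defeats "https://app.example.com@evil.example/" (host is evil.example).
            String host = uri.getHost();
            if (host == null || !"https".equalsIgnoreCase(uri.getScheme())
                    || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
                return DEFAULT_TARGET;
            }
            return uri.toString();
        }
        // Relative URL: must be a local absolute path. A non-null authority catches
        // scheme-relative "//evil.example/"; the decoded-path check catches "/%2F%2Fevil.example".
        String path = uri.getPath();
        if (uri.getAuthority() != null || path == null
                || !path.startsWith("/") || path.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        return uri.toString();
    }

    public static void main(String[] args) {
        String[] samples = { "/account?tab=1", "https://app.example.com/done",
                "https://evil.example/", "//evil.example/", "javascript:alert(1)", "/\\evil.example" };
        for (String s : samples) {
            System.out.println(s + " -> " + resolveTarget(s));
        }
    }
}
```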
Impact
By exploiting this vulnerability, an attacker can trick users into trusting and clicking malicious links that appear to come from your site, leading to phishing attacks, credential theft, or loss of user trust. It can also damage the security reputation of your application.