| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | low |
| CWE | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |

Description

User-supplied input is being used directly in a redirect, which lets attackers control the destination URL. This means users could be redirected to malicious sites if the input isn’t properly validated.

Impact

An attacker could craft links that send users to phishing or malicious sites through your application’s redirects, leading to potential credential theft, loss of user trust, or exploitation of users. This can also be abused to bypass certain access controls or security policies.
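
The pattern from the Description, next to a validated form, as an added example that is not part of this rule's documentation. `APP_ORIGIN`, the function names and the sample inputs are constructed for illustration.

```javascript
// Assumption: the application is served from this single origin.
const APP_ORIGIN = "https://app.example.com";

// Flagged pattern: the user-supplied value becomes the redirect
// destination unchanged, so the caller controls where the user lands.
function unsafeRedirectTarget(userInput) {
  return userInput;
}

// Validated form: parse the input the way a browser would (relative to the
// app origin), accept it only if it stays on that origin, and return a path
// rebuilt from the parsed URL so the value checked is the value sent.
function safeRedirectTarget(userInput, fallback = "/") {
  // Query parsers can hand back arrays or objects; only strings are accepted.
  if (typeof userInput !== "string") return fallback;
  let url;
  try {
    url = new URL(userInput, APP_ORIGIN);
  } catch {
    return fallback; // unparseable input never reaches the Location header
  }
  // Exact origin comparison covers scheme, host and port; prefix or
  // substring checks on the raw string do not.
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed inputs a redirect parameter should be tested with.
const SAMPLES = [
  "/account?tab=1",                         // same-site path: kept
  "https://app.example.com/settings#mfa",   // absolute, same origin: kept as path
  "https://other.example/login",            // different origin
  "//other.example/login",                  // protocol-relative, different origin
  "https://app.example.com.other.example/", // look-alike host
  "https://app.example.com@other.example/", // app host used as userinfo
  "javascript:void(0)",                     // non-http scheme, opaque origin
];

function checkSamples() {
  return SAMPLES.map((s) => [s, safeRedirectTarget(s)]);
}

for (const [input, target] of checkSamples()) {
  console.log(JSON.stringify(input), "->", target);
}
```
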