Description

An attacker can gain access to the application by knowing a valid username by changing the redirect with which the server responds.

Impact

- Bypass the authentication process by changing the page redirection and thus gain access to the applications functionality. - Know a valid user. - Change the redirect and access the application.

Recommendation

Put in place for every resource with business-critical functionality a strong authentication process and ensure that every user attempting to access it is logged in.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes