Open Redirect Vulnerability

An open redirect occurs when an application takes a parameter and redirects the user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7294
CVSS v2 Base Score: 5.8 …
