Defect #19577
Updated by Jan from Planio www.plan.io about 9 years ago
h2. Summary The valid_back_url? @valid_back_url?@ method used e.g. after a login to redirect the user back to where they came from doesn't properly validate passed URLs resulting in an open redirect vulnerability which can be used for phishing and other attacks. After the redirect to the untrusted site, phishers may then steal the user’s credentials and then use these credentials to access the legitimate web site. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. h2. Description When redirecting the user back after a successful login, redirect_back_or_default is trying to validate the passed URL to ensure that the target of the HTTP 302 redirect is valid. However, the valid_back_url? method used to validate the URL doesn't take some cases into account which can result in a redirect to an arbitrarily chosen host.