Defect #19577

Updated by Jan from Planio over 6 years ago

h2. Summary

The valid_back_url? @valid_back_url?@ method used e.g. after a login to redirect the user
back to where they came from doesn't properly validate passed URLs
resulting in an open redirect vulnerability which can be used for
phishing and other attacks.

After the redirect to the untrusted site, phishers may then steal the
user’s credentials and then use these credentials to access the
legitimate web site. Because the server name in the modified link is
identical to the original site, phishing attempts have a more
trustworthy appearance.

h2. Description

When redirecting the user back after a successful login,
redirect_back_or_default is trying to validate the passed URL to ensure
that the target of the HTTP 302 redirect is valid.

However, the valid_back_url? method used to validate the URL doesn't
take some cases into account which can result in a redirect to an
arbitrarily chosen host.