Uploaded image for project: 'Hue (READ ONLY)'
  1. Hue (READ ONLY)
  2. HUE-2485

[core] Fix Login redirection vulnerability

          Details

          • Type: Bug
          • Status: Resolved
          • Priority: Critical
          • Resolution: Fixed
          • Affects Version/s: 3.0.0
          • Fix Version/s: 3.8.0
          • Component/s: core.api
          • Labels:

            Description

            After a successful login, HUE allows redirection to an arbitrary site by modifying the site "<malicious.com>" in the URL: http://<my hue site>/accounts/login/?next=http://<malicious.com>.
            Since the attacker is allowed to fully control the name of the destination site, this could be used to mount a phishing attack against http://<my hue site>'s users, such as requiring the users to re-enter their credentials at the new site.

            This patch sets redirect_whitelist configuration default value to "^\/.*$”, and limits all redirections to the same host where HUE is running by default to prevent phishing attacks.

              Attachments

                Issue Links

                depends on

                Bug - A problem which impairs or prevents the functions of the product. HUE-3626 Regex Tightening to Resolve URL Redirection Vulnerability

                • Major - Major loss of function.
                • Resolved

                  Activity

                    People

                    • Assignee:
                      shuodiaoaws Shuo Diao
                      Reporter:
                      shuodiaoaws Shuo Diao
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      3 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: