Werk #6622: Fixed possible open redirect on login page
Component | User interface |
Title | Fixed possible open redirect on login page |
Date | 17.09.2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual interaction needed |
It was possible to redirect a user to external websites by manipulating GET parameters. To exploit this vulnerability, an attacker needs to trick a user into following a crafted URL. The attack only works if the user does not notice that they are redirected to a different URL.
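
A server-side check of the kind that closes this class of bug, shown as an added example and not Checkmk's actual patch: the post-login target taken from the request is accepted only if it is a local, relative URL. The function name `safe_redirect_target` and the fallback page `index.py` are assumptions made for the illustration, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "index.py"  # assumed fallback page, not taken from the werk


def safe_redirect_target(raw, default=DEFAULT_TARGET):
    """Return raw only if it is a local, relative URL; otherwise default."""
    if not raw:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so values that
    # contain control characters, spaces or backslashes are rejected outright.
    if any(ch <= " " or ch == "\x7f" or ch == "\\" for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. a malformed IPv6 literal such as "//["
        return default
    # A scheme (https:, javascript:) or an authority (//host) leaves the site.
    if parts.scheme or parts.netloc:
        return default
    # urlsplit reports an empty netloc for "///host", yet browsers skip the
    # extra slashes and navigate to that host, so any "//" prefix is refused.
    if raw.startswith("//"):
        return default
    return raw


if __name__ == "__main__":
    # Constructed sample values for a login-page redirect parameter.
    for value in ("view.py?view_name=allhosts", "https://evil.example/",
                  "//evil.example/x", "///evil.example", "/\\evil.example"):
        print(repr(value), "->", safe_redirect_target(value))
```

The redirect after a successful login then uses the returned value instead of the raw GET parameter.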