Werk #6622: Fixed possible open redirect on login page
| Component | User interface | ||||||
| Title | Fixed possible open redirect on login page | ||||||
| Date | Sep 17, 2018 | ||||||
| Level | Trivial Change | ||||||
| Class | Security Fix | ||||||
| Compatibility | Compatible - no manual interaction needed | ||||||
| Checkmk versions & editions |
|
It was possible to redirect an user to external websites through manipulating GET parameters. To exploit this vulnerability, an attacker needs to trick a user into following a crafted URL. The attack only works if the user does not notice that he is redirected to a different URL.