Werk #6622: Fixed possible open redirect on login page
Component | User interface |
Title | Fixed possible open redirect on login page |
Date | Sep 17, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
It was possible to redirect an user to external websites through manipulating GET parameters. To exploit this vulnerability, an attacker needs to trick a user into following a crafted URL. The attack only works if the user does not notice that he is redirected to a different URL.