[OPENAM-13035] User supplied 'goto' param validation needs to be confirmed with FT - ForgeRock JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.0.0
Component/s: None
Labels:
- AME
- Must-Fix
- TESLA

Target Version/s:

6.5.0
Rank:
1|hzvvuv:

Needs backport:

No

Needs QA verification:

No
Functional tests:

Yes
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Authentication using trees can handle a user defined URL parameter of "goto" which should define the successUrl once authentication succeeds. Since this parameter is user defined, it is open to abuse and needs to be validated. There currently is validation, but this needs to be confirmed with Functional Tests.

Attachments

Activity

People

Assignee:: Sean ONeill [X] (Inactive)

Reporter:: Sean ONeill [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018-04-30 3:40 PM

Updated:: 2018-06-06 3:10 PM

Resolved:: 2018-05-02 10:00 AM