OpenAM / OPENAM-13035

User supplied 'goto' param validation needs to be confirmed with FT


    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 6.0.0
    • None
    • No
    • No
    • Yes
    • Yes and I used the same an in the description

      Description

      Authentication using trees can handle a user-defined URL parameter of "goto", which should define the successUrl once authentication succeeds. Since this parameter is user-defined, it is open to abuse and needs to be validated. There currently is validation, but this needs to be confirmed with Functional Tests.


            People

            sean.oneill Sean ONeill [X] (Inactive)
            sean.oneill Sean ONeill [X] (Inactive)