  1. OpenAM
  2. OPENAM-13035

User supplied 'goto' param validation needs to be confirmed with FT

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.0
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes, and I used the same as in the description

      Description

      Authentication using trees can handle a user defined URL parameter of "goto" which should define the successUrl once authentication succeeds. Since this parameter is user defined, it is open to abuse and needs to be validated. There currently is validation, but this needs to be confirmed with Functional Tests.
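The kind of case table a functional test for `goto` validation could cover, shown as an added example that is not OpenAM's code or its actual validation logic. The class, method, default success URL and allowed origin (`GotoValidationCheck`, `resolveSuccessUrl`, `/openam/console`, `https://app.example.com`) are hypothetical names and values chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class GotoValidationCheck {
    // Assumed values for illustration only; not taken from OpenAM.
    static final String DEFAULT_SUCCESS_URL = "/openam/console";
    static final Set<String> ALLOWED_ORIGINS = Set.of("https://app.example.com");

    // Returns the goto value when acceptable, otherwise the default success URL.
    static String resolveSuccessUrl(String gotoParam) {
        if (gotoParam == null || gotoParam.isEmpty()) return DEFAULT_SUCCESS_URL;
        // Backslashes and control characters may be rewritten or dropped by browsers.
        if (gotoParam.chars().anyMatch(c -> c == '\\' || c <= 0x20 || c == 0x7f)) return DEFAULT_SUCCESS_URL;
        // Server-local path is fine, but "//host" and "///host" can resolve to another host.
        if (gotoParam.startsWith("/")) return gotoParam.startsWith("//") ? DEFAULT_SUCCESS_URL : gotoParam;
        URI uri;
        try {
            uri = new URI(gotoParam);
        } catch (URISyntaxException e) {
            return DEFAULT_SUCCESS_URL;
        }
        // Require a hierarchical absolute URL with a host and no userinfo ("user@host").
        if (!uri.isAbsolute() || uri.isOpaque() || uri.getHost() == null || uri.getRawUserInfo() != null)
            return DEFAULT_SUCCESS_URL;
        String origin = uri.getScheme().toLowerCase(Locale.ROOT) + "://" + uri.getHost().toLowerCase(Locale.ROOT)
                + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        return ALLOWED_ORIGINS.contains(origin) ? gotoParam : DEFAULT_SUCCESS_URL;
    }

    public static void main(String[] args) {
        // Constructed inputs: {goto value, expected outcome}.
        String[][] cases = {
            {"/profile", "accept"},
            {"https://app.example.com/home", "accept"},
            {"http://app.example.com/", "reject"},
            {"https://app.example.com.evil.example/", "reject"},
            {"https://app.example.com@evil.example/", "reject"},
            {"///evil.example", "reject"},
            {"/\\evil.example", "reject"},
            {"javascript:alert(1)", "reject"},
        };
        for (String[] c : cases) {
            boolean accepted = resolveSuccessUrl(c[0]).equals(c[0]);
            if (accepted != c[1].equals("accept")) throw new AssertionError("unexpected result for " + c[0]);
            System.out.println(c[1] + "  " + c[0]);
        }
    }
}
```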

            People

            • Assignee:
              sean.oneill Sean ONeill [X] (Inactive)
              Reporter:
              sean.oneill Sean ONeill [X] (Inactive)