Ascertia SigningHub Open Redirect Vulnerability
Vulnerability
An open redirect vulnerability has been identified in Ascertia SigningHub User version 10.0. It allows attackers to redirect users to a malicious site via a crafted URL. The issue arises because the application does not validate the redirection target it is given, so a phishing link can point at the application's own URL (with its valid SSL certificate) and still land the user on an attacker-controlled site.
Impact
Exploiting this vulnerability lets an attacker send users of the application to an attacker-controlled site from a link on the trusted domain, enabling phishing attacks against those users.
Reproduction
To reproduce this vulnerability, an unauthenticated user can navigate to the SigningHub application and use browser developer tools or an intercepting proxy to identify the vulnerable endpoint '/OAuth/OIDCAuthenticate?url='. Once the endpoint is found, a GET request can be crafted with an external domain in the 'url' parameter. When the crafted URL is submitted, the application redirects the user to the specified external site without any warning or validation.
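The root cause described above is the absence of any check on the 'url' parameter before the redirect is issued. The following is an added example, not code from the advisory or from Ascertia, showing the two things a defender would want for this class of bug: a redirect-target validator that only accepts same-host HTTPS targets or relative paths (including the backslash and protocol-relative forms browsers treat as absolute), and a small detector that runs that validator over access-log lines for the '/OAuth/OIDCAuthenticate' endpoint. The host signinghub.example.com, the APP_BASE value, the log format and the sample log lines are all constructed for the example.

```python
import re
from urllib.parse import urlparse, urljoin, parse_qs

# Constructed example configuration: the only host the app may redirect to.
# (Not SigningHub's real deployment values.)
ALLOWED_HOSTS = {"signinghub.example.com"}
APP_BASE = "https://signinghub.example.com/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a relative path on the application or an
    absolute HTTPS URL whose host is in `allowed_hosts`. Everything else
    (other hosts, other schemes, malformed values) is rejected."""
    if not target:
        return False
    # Browsers treat backslashes like forward slashes, so "/\evil.example"
    # would parse here as a path but be followed as "//evil.example".
    candidate = target.replace("\\", "/").strip()
    # Embedded control characters are a sign of tampering; reject outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
        return False
    try:
        parsed = urlparse(candidate)
        # Resolve against the app so "//evil.example" and "/path" are both
        # judged by the host they actually resolve to.
        resolved = urlparse(urljoin(APP_BASE, candidate))
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False            # javascript:, data:, etc.
    if resolved.scheme != "https":
        return False            # no downgrade to plain http
    host = (resolved.hostname or "").lower()
    return host in allowed_hosts


# Constructed access-log lines in common log format (example data only).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /OAuth/OIDCAuthenticate?url=%2Fdashboard HTTP/1.1" 302 0',
    '203.0.113.6 - - [01/Jan/2024:10:00:01 +0000] "GET /OAuth/OIDCAuthenticate?url=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /OAuth/OIDCAuthenticate?url=%2F%2Fphish.example.net HTTP/1.1" 302 0',
    '203.0.113.8 - - [01/Jan/2024:10:00:03 +0000] "GET /Home/Index HTTP/1.1" 200 512',
]

LOG_RE = re.compile(r'"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def flag_redirect_attempts(log_lines, endpoint="/OAuth/OIDCAuthenticate"):
    """Return (target, status) for every request to `endpoint` whose url=
    value would fail is_safe_redirect. A 302 next to an off-host target
    means the redirect was actually served, not just attempted."""
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m.group("path").startswith(endpoint):
            continue
        query = urlparse(m.group("path")).query
        for target in parse_qs(query).get("url", []):   # parse_qs URL-decodes
            if not is_safe_redirect(target):
                findings.append((target, int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for target, status in flag_redirect_attempts(SAMPLE_LOG):
        print(f"off-host redirect target {target!r} served with HTTP {status}")
```

The validator deliberately resolves every candidate against the application's own base URL before looking at the host, so that the protocol-relative and backslash variants are classified by where they would actually send the browser rather than by how they look as strings. The same function can sit in front of the redirect in the application and in the log review, so the two never disagree about what counts as safe.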
