Taguette Open Redirect Vulnerability Allowing Phishing Attacks
Vulnerability
An open redirect vulnerability has been identified in Taguette, a qualitative research tool, affecting versions through 1.5.1. The issue arises because the application accepts a user-controlled 'next' parameter and uses it in HTTP redirects without proper validation. This vulnerability can be exploited to redirect users to arbitrary external websites after authentication, potentially leading to phishing attacks where victims are misled into believing they are interacting with a trusted Taguette instance.
Impact
Exploitation of this vulnerability allows for open redirection to external sites, which can be used for phishing attacks, credential theft, malware distribution, session hijacking, and damaging the reputation of organizations using Taguette.
Reproduction
To reproduce this vulnerability, log into a Taguette instance running version 1.5.1 or below. After logging in, visit the login page again with a crafted URL that includes a 'next' parameter pointing to an external site, such as 'https://google.com'. The application will redirect to the external site without validating the 'next' parameter. This can also be tested by accepting cookies in the cookies prompt, which will trigger a similar redirect.
Remediation
Users can update to Taguette version 1.5.2, where this vulnerability has been patched.
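As an added example (not Taguette's own code and not its 1.5.2 patch), the following stdlib-only Python shows the kind of check a login or cookie-consent handler needs before honouring a user-supplied `next` parameter: only absolute paths on the application's own host are accepted, and anything that parses as an off-site URL falls back to a default. The function names, the `allowed_host` value and the sample inputs are assumptions constructed for this illustration.

```python
from urllib.parse import urljoin, urlsplit


def is_safe_next(next_value, allowed_host):
    """Return True only if next_value is a same-site absolute path.

    Rejects absolute URLs (any scheme or authority), protocol-relative
    URLs ("//host"), backslash variants browsers normalise to "/", and
    CR/LF characters.
    """
    if not isinstance(next_value, str) or not next_value:
        return False
    # Browsers treat "\" as "/" in URLs, so "/\evil.example" would become
    # "//evil.example"; normalise before inspecting.
    candidate = next_value.replace("\\", "/")
    if "\r" in candidate or "\n" in candidate:
        return False
    parts = urlsplit(candidate)
    # An explicit scheme ("https:", "javascript:") or authority means
    # the target is not a path on this site.
    if parts.scheme or parts.netloc:
        return False
    # Must be an absolute path, but "//host" and "///host" are off-site.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return False
    # Belt and braces: resolve against our origin and confirm the host
    # did not change.
    resolved = urlsplit(urljoin("https://%s/" % allowed_host, candidate))
    return resolved.netloc == allowed_host


def redirect_target(next_value, allowed_host, default="/"):
    """Location to send the user to after login: next if safe, else default."""
    return next_value if is_safe_next(next_value, allowed_host) else default


if __name__ == "__main__":
    # Constructed sample inputs; the host is a placeholder, not a real instance.
    host = "taguette.example.org"
    for sample in ["/project/1", "https://google.com", "//google.com",
                   "/\\google.com", "javascript:alert(1)", ""]:
        print("%-22r -> %r" % (sample, redirect_target(sample, host)))
```

The same function should guard every place the parameter is consumed: in the advisory both the repeated login page and the cookie-consent prompt redirect on `next`, so a fix in one handler alone leaves the other path open. Logging rejected values (without following them) also gives a cheap detection signal for phishing attempts against an instance.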
