zlt2000 Microservices-Platform Open Redirect Vulnerability in OauthLogoutSuccessHandler
Vulnerability
An open redirect vulnerability has been identified in zlt2000 microservices-platform versions prior to 6.0.0. The issue is in the OauthLogoutSuccessHandler.java file, specifically in the onLogoutSuccess function: the redirect_url request parameter is user-controllable and is used as the post-logout redirect target without validation, so it can be manipulated to send users to an attacker-chosen site, enabling phishing and other forms of exploitation. This vulnerability can be exploited remotely, and a proof-of-concept is available.
Impact
Exploitation of this vulnerability allows for open redirect, which can be used to conduct phishing attacks by redirecting users to malicious sites.
Reproduction
To reproduce this vulnerability, send a request to the OAuth logout endpoint with a redirect_url parameter that points to an external site, such as google.com. The application will redirect the user to the specified URL without validating the redirect_url parameter, thereby exploiting the open redirect vulnerability.
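An added example, not code from the zlt2000 project: a Spring Security LogoutSuccessHandler that validates redirect_url before redirecting, which is the shape of mitigation an open redirect in onLogoutSuccess calls for. It assumes Spring Security 5 with javax.servlet; the class name, the allowedHosts set and DEFAULT_TARGET are hypothetical.

```java
// Added example (not the project's code): validate redirect_url before redirecting.
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

public class SafeLogoutSuccessHandler implements LogoutSuccessHandler {
    private static final String DEFAULT_TARGET = "/login"; // hypothetical fallback
    private final Set<String> allowedHosts; // hypothetical allow-list, lower-case host names

    public SafeLogoutSuccessHandler(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException {
        // Never forward the raw parameter; only a checked target reaches sendRedirect.
        response.sendRedirect(safeTarget(request.getParameter("redirect_url")));
    }

    /** Returns redirectUrl only if it is a same-origin path or an https URL to an allow-listed host. */
    String safeTarget(String redirectUrl) {
        if (redirectUrl == null || redirectUrl.trim().isEmpty()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(redirectUrl); // rejects backslashes and other malformed input
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative target: require a single leading "/" because browsers treat a
            // leading "//" as scheme-relative, i.e. a different host.
            String path = uri.getRawPath();
            boolean ok = path != null && path.startsWith("/") && !path.startsWith("//");
            return ok ? redirectUrl : DEFAULT_TARGET;
        }
        // Absolute target: compare getHost() rather than the authority string, so
        // "https://trusted.example@evil.example" is judged by its real host.
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                && allowedHosts.contains(uri.getHost().toLowerCase())) {
            return redirectUrl;
        }
        return DEFAULT_TARGET; // covers "//evil.example", "javascript:", unknown hosts
    }
}
```

Registering this handler in place of the unchecked one closes the redirect; keeping the allow-list short and logging rejected targets gives defenders a signal when the parameter is being probed.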