Hello and welcome to the Wednesday, February 25th, 2006 edition of the Sands International

Storm Center's Stormcast. My name is Johannes Ulrich, recording day from Jacksonville, Florida.

And this episode is brought you by the Sands.edu, graduate certificate program in cloud security.

One thing I noticed today was that our honeypots have been seeing recently a big increase

in the number of scans looking for open redirects.

An open redirect is a feature in a web application where the web application redirects you

to another site without any regard as to where the user is really being redirected to.

And it often happens as part login pages where you would like to, for example, direct a user

to the page the originally attempted to visit, and

well, also have clicked through counters and similar features that often use redirects, and

with that are susceptible to creating open redirects. There are a couple of problems with open

redirects. So open redirects is basically a redirect.

They are not really filtering what page you're redirecting the user to.

The receiving page may then, for example, receive URL parameters, but could also be used for fishing.

One spot where this has been particular sort of a little bit of problem lately is with Oath 2,

where during this of the initial credential flow where you are authorizing a site to use a particular service.

Well, the size is being redirected back to the client that's attempting

to use these credentials. But if an attacker is able to swap that redirect URI for a URI that is

vulnerable for an open redirect, the attacker may obtain credentials, and that sort of bypasses

some of the protections that sites have put in place to prevent these changes of the redirect

URI.

So it's certainly an important vulnerability.

...