Open Redirect Vulnerability in Login Flow Allows Unauthorized Token Disclosure

CVE-2023-28799 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A URL parameter in the login flow was vulnerable to injection. An attacker could insert a malicious domain into this parameter; after authentication, the user would be redirected to that domain and the authorization token would be sent to it.
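A defensive sketch of the fix for this class of bug, added here as an example and not taken from the vendor's code: the post-login redirect parameter is checked against an exact-match host allowlist before the token is attached. The host names, the `token` query parameter and the function names are assumptions, since the advisory does not name them.

```python
from urllib.parse import urlsplit, urlencode

# Hypothetical allowlist and fallback; the advisory does not name the real hosts.
ALLOWED_REDIRECT_HOSTS = {"app.example.com", "portal.example.com"}
DEFAULT_REDIRECT = "https://app.example.com/"


def safe_redirect_target(raw: str) -> str:
    """Return the redirect URL only if it is https on an allowlisted host."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by urlsplit, so reject them outright.
    if not raw or any(c == "\\" or ord(c) <= 0x20 for c in raw):
        return DEFAULT_REDIRECT
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return DEFAULT_REDIRECT
    # Scheme-relative ("//host") and non-https targets have no place here.
    if parts.scheme != "https":
        return DEFAULT_REDIRECT
    # "https://trusted@attacker/" puts the trusted name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return DEFAULT_REDIRECT
    if port not in (None, 443):
        return DEFAULT_REDIRECT
    # Exact match only: suffix or substring checks accept "trusted.attacker.tld".
    if (parts.hostname or "").lower() not in ALLOWED_REDIRECT_HOSTS:
        return DEFAULT_REDIRECT
    # Drop any fragment so the token lands in the query string, not after "#".
    return parts._replace(fragment="").geturl()


def post_login_location(raw_redirect: str, token: str) -> str:
    """Build the Location header; the token only ever goes to a validated host."""
    target = safe_redirect_target(raw_redirect)
    sep = "&" if urlsplit(target).query else "?"
    return f"{target}{sep}{urlencode({'token': token})}"
```
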
