CVE-2021-32618 Scanner
CVE-2021-32618 scanner - Open Redirect vulnerability in flask-security
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: URL
Toolbox: -
Flask-Security-Too is a Python package that is widely used to add security features to Flask applications. It is an independent version of Flask-Security, with its core features based on version 3.0.0 of Flask-Security. The package allows redirects after numerous successful views, such as login, by honoring the ?next query parameter. It uses Python's urlsplit function to validate that the URL specified in the next parameter is either relative or has the same netloc as the requesting URL.
CVE-2021-32618 is an open redirect vulnerability in Flask-Security-Too that an attacker can exploit by sending a victim a link containing a malicious URL. The package's validation function can be bypassed simply by including a payload in the next query parameter. An attacker can supply a value that the check accepts as a relative URL or as having the same netloc, while the browser redirects the user to a different website. Even though this vulnerability is considered low in severity, an attacker can easily exploit unsuspecting users because the link points at a legitimate site, which makes the attack more credible.
If exploited, this vulnerability can result in attackers redirecting unsuspecting users to malicious websites, causing them to inadvertently download malware, leading to further exploitation. This can also lead to phishing attacks, where sensitive information such as credit card details, login credentials, and other personal data can be stolen. Therefore, companies and website owners need to be vigilant to ensure that such vulnerabilities are detected and resolved before they can cause harm.
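The relative-or-same-netloc check described above can be compared with a stricter validator to see where the two disagree. This is an added example, not code from Flask-Security-Too or from this scanner; the function names, the host app.example.test and the sample values are constructed for illustration, and the strict check is one possible hardening, not the project's own fix.

```python
from urllib.parse import urlsplit

HOST = "app.example.test"  # constructed: host of the application handling ?next

def naive_is_safe(target: str, request_host: str) -> bool:
    """Check in the style the page describes: relative OR same netloc."""
    netloc = urlsplit(target).netloc
    return netloc == "" or netloc == request_host

def strict_is_safe(target: str, request_host: str) -> bool:
    """Hardened variant (assumption: only rooted paths or same-host http(s))."""
    if not target:
        return False
    # Browsers following the WHATWG URL rules treat "\" like "/" in http(s)
    # URLs and ignore tabs/newlines, while urlsplit() keeps "\" in the path.
    # Reject those characters instead of trying to interpret them.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: must be http(s) on the same host.
        return parts.scheme in ("http", "https") and parts.netloc == request_host
    # Relative: accept only a path rooted with exactly one "/".
    return target.startswith("/") and not target.startswith("//")

# Constructed sample values for the next parameter.
SAMPLES = [
    "/profile",                       # ordinary relative path
    "https://app.example.test/home",  # same host
    "https://other.example/",         # different host
    "//other.example/x",              # scheme-relative, different host
    r"\\\other.example",              # no netloc for urlsplit()
    r"/\other.example",               # no netloc for urlsplit()
]

def disagreements(host: str = HOST) -> list:
    """Values the naive check accepts but the strict check rejects."""
    return [s for s in SAMPLES
            if naive_is_safe(s, host) and not strict_is_safe(s, host)]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:35} naive={naive_is_safe(s, HOST)} "
              f"strict={strict_is_safe(s, HOST)}")
```

The values returned by disagreements() are the ones to add as regression tests for any redirect validator in an application that honors a next parameter.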
Finally, it is worth highlighting that the pro features of the s4e.io platform provide an easy and straightforward way to learn about vulnerabilities in your digital assets. With these features, it has never been easier to understand the weaknesses in your security and protect your digital assets. Through this platform, you can ensure that your software is configured to meet the highest possible standards and adhere to all security protocols, providing you with peace of mind that your sensitive information is protected.