Products.PluggableAuthService 2.6.0 Open Redirect

2021.06.02

Credit: Piyush Patil

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2021-21337

CWE: CWE-601

CVSS Base Score: 5.8/10

Impact Subscore: 4.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: None

# Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect
# Exploit Author: Piyush Patil
# Affected Component: Pluggable Zope authentication/authorization framework
# Component Link: https://pypi.org/project/Products.PluggableAuthService/
# Version: < 2.6.1
# CVE: CVE-2021-21337
# Reference: https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr


--------------------------Proof of Concept-----------------------

1- Goto https://localhost/login
2- Turn on intercept and click on the login
3- Change "came_from" parameter value to https://attacker.com
4- User will be redirected to an attacker-controlled website.

Fix: pip install "Products.PluggableAuthService>=2.6.1"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Products.PluggableAuthService 2.6.0 Open Redirect

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.