Issue 890569 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Sep 30
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Unvalidated Open Redirect

Reported by prat...@gmail.com, Sep 29

Issue description

Issue name = “Unvalidated Open redirect”

Hi below are the steps to reproduce the bug

Step 1 - open below url in chromium browser 

https://www.chromium.org@bing.com

https://www.anysite.com@bing.com

Step2 - user would be directly redirected towards bing without validating

Comment 1 by dominickn@chromium.org, Sep 30

Status: WontFix (was: Unconfirmed)

This is a feature of URLs where you can supply a username and password in the URL for accessing a resource.

See https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Is-Chrome_s-support-for-userinfo-in-HTTP-URLs-e_g_http_user_password_example_com_considered-a-vulnerability for more info.

Project Member

Comment 2 by sheriffbot@chromium.org, Jan 7

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 890569 link

Issue metadata

Security: Unvalidated Open Redirect

Issue description

Comment 1 by dominickn@chromium.org, Sep 30

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Jan 7

Comment 2 Deleted

Sign in to add a comment