Vendor: Products.PluggableAuthService
Author: Piyush Patil
CVSS: 6.1 (MEDIUM)
CWE: 601 (Open Redirect)
Product Name: Products.PluggableAuthService
Affected Version From: < 2.6.1
Affected Version To: 2.6.0
Patch Exists: YES
CVE: CVE-2021-21337
CPE: a:zope_foundation:products.pluggableauthservice
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2021

Products.PluggableAuthService 2.6.0 – Open Redirect

An open redirect vulnerability exists in Products.PluggableAuthService version 2.6.0 and below. An attacker can exploit it by changing the value of the 'came_from' parameter on the login page to a malicious website; the user is then redirected to an attacker-controlled website.

Mitigation:

Upgrade to Products.PluggableAuthService version 2.6.1 or later.
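The defensive check behind this class of bug, as an added example that is not code from Products.PluggableAuthService and not its actual 2.6.1 patch: a validator that accepts a 'came_from' value only when it points back into the site itself. The allowed host name ('localhost') is an assumption taken from the PoC URL.

```python
from urllib.parse import urlsplit

# Added example: a conservative validator for a login form's 'came_from'
# value. It is illustrative, not the project's own fix.
def is_safe_came_from(came_from: str, allowed_host: str) -> bool:
    """Return True only if came_from stays on allowed_host.

    Rejects absolute URLs on other hosts, protocol-relative URLs (//evil),
    non-http(s) schemes (javascript:, data:) and backslash variants that
    some browsers normalise into a host separator.
    """
    if not came_from:
        return False
    # Browsers may treat '\' like '/', so '/\evil.com' can become '//evil.com'.
    candidate = came_from.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute or protocol-relative URL: hostname must match exactly.
        # urlsplit().hostname strips userinfo, so 'localhost@evil.com' fails.
        host = parts.hostname or ""
        return host.lower() == allowed_host.lower()
    # No host part: accept only a site-relative path with a single leading '/'.
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect_target(came_from: str, allowed_host: str, default: str = "/") -> str:
    """Return came_from if it is safe, otherwise a fixed landing page."""
    return came_from if is_safe_came_from(came_from, allowed_host) else default


if __name__ == "__main__":
    # Constructed sample inputs; 'localhost' is assumed from the PoC.
    for value in ("/dashboard", "https://localhost/x", "https://attacker.com",
                  "//attacker.com", "/\\attacker.com", "javascript:alert(1)"):
        print(f"{value!r:28} -> {safe_redirect_target(value, 'localhost')}")
```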

Exploit-DB raw data:

# Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect
# Exploit Author: Piyush Patil
# Affected Component: Pluggable Zope authentication/authorization framework
# Component Link: https://pypi.org/project/Products.PluggableAuthService/
# Version: < 2.6.1
# CVE: CVE-2021-21337
# Reference: https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr


--------------------------Proof of Concept-----------------------

1- Go to https://localhost/login
2- Turn on intercept and click on the login
3- Change "came_from" parameter value to https://attacker.com
4- User will be redirected to an attacker-controlled website.

Fix: pip install "Products.PluggableAuthService>=2.6.1"