Open Redirect Security Issue? #3922
tobiasgrossmann started this conversation in Feedback
Replies: 2 comments
The service should only redirect to the
Furthermore, in the future, please report potential security bugs to MSRC, instead of posting publicly. https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/SECURITY.md
Hi, we noticed that the links created for Logout might be a vector for an open redirect attack. Could someone have a look? We are not sure and maybe there is a mitigation in place?
https://[tenant].b2clogin.com/[tenant].onmicrosoft.com/b2c_1_signup_signin/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fstartpage.com%2F
"msal": "^1.4.6"
Thanks
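An application-side check for logout links of the shape quoted in the post above, as an added example that is not part of the original thread or of MSAL: it accepts a `post_logout_redirect_uri` only on an exact match against the application's own list, and makes no claim about what the service itself enforces. The function name, the tenant name and the allow-list entries are assumptions constructed for illustration.

```javascript
// Added example (not MSAL code). Allow-list entries are constructed placeholders
// standing in for the redirect URIs an application has chosen to permit.
const ALLOWED_POST_LOGOUT_URIS = new Set([
  "https://app.example.com/",
  "https://app.example.com/signed-out",
]);

// Hypothetical helper: inspects a logout link before the app emits or follows it.
function checkLogoutLink(link) {
  let logoutUrl;
  try {
    logoutUrl = new URL(link);
  } catch {
    return { ok: false, reason: "malformed logout link" };
  }

  // searchParams percent-decodes the value, so %3A%2F%2F becomes "://".
  const values = logoutUrl.searchParams.getAll("post_logout_redirect_uri");
  if (values.length === 0) return { ok: true, reason: "no redirect requested" };
  if (values.length > 1) return { ok: false, reason: "duplicate parameter" };

  let target;
  try {
    target = new URL(values[0]); // throws on relative or scheme-less values
  } catch {
    return { ok: false, reason: "redirect target is not an absolute URL" };
  }
  if (target.protocol !== "https:") {
    return { ok: false, reason: "redirect target is not https" };
  }

  // Compare the normalized full URL. Prefix or substring checks would accept
  // look-alike hosts such as app.example.com.startpage.com or userinfo tricks
  // such as app.example.com@startpage.com.
  if (!ALLOWED_POST_LOGOUT_URIS.has(target.href)) {
    return { ok: false, reason: "redirect target not in allow-list" };
  }
  return { ok: true, reason: "allowed" };
}

// Constructed logout endpoint ("exampletenant" replaces the [tenant] placeholder).
const LOGOUT_BASE =
  "https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/" +
  "b2c_1_signup_signin/oauth2/v2.0/logout";
```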