CWE-601βURL Redirection to Untrusted Site ('Open Redirect')
PUBLISHEDweakness recordLow
released 2007-05-07 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-601
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2007-05-07
- Latest Modification Date:
- 2025-12-11
Weakness Name
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Common Consequences
- Scope:
- Access Control
- Impact:
- Bypass Protection Mechanism, Gain Privileges or Assume Identity
- Notes:
- The user may be redirected to an untrusted page that contains malware which may then compromise the user's system. In some cases, an open redirect can also enable the immediate download of a file without the user's permission, because the redirection to an external site may lead to endpoints on those sites that automatically trigger a download action ("drive-by download" [REF-1478]). This will expose the user to extensive risk. The user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
- Scope:
- Access Control, Confidentiality, Other
- Impact:
- Bypass Protection Mechanism, Gain Privileges or Assume Identity, Other
- Notes:
- By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam. The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.