
Open Redirect Vulnerability on MasterCard's Australia Web Site

Lucian Ciolacu

July 29, 2014


An open redirect vulnerability has been found on MasterCard’s Australia web site (mastercard.com.au), according to an advisory by researcher Anastasios Monachos from Packet Storm.

An open redirect vulnerability is a flaw in which a web app, in the words of the Common Weakness Enumeration dictionary, “accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.”

“Certain unspecified input is not properly verified before being used,” Monachos says in the advisory. “This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.”

The vulnerability, which is often used in phishing attempts, could be exploited remotely and was rated by Monachos as “very low.”

The open redirect-vulnerable URL from MasterCard’s web site is “https://migs.mastercard.com.au/vpcpay?vpc_ReturnURL=http://<any_domain>”.
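The usual mitigation for this class of flaw is to check the return URL against a server-side list of registered destinations before issuing the redirect. The sketch below is an added example, not code from MasterCard or from the advisory; the allowlist, the `shop.example` and `gateway.example` hosts, the fallback path and the function names are all assumptions, and only the `vpc_ReturnURL` parameter name comes from the advisory.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: each merchant registers the exact origins it may be returned to.
ALLOWED_RETURN_ORIGINS = {("https", "shop.example", 443)}
DEFAULT_PORTS = {"https": 443}  # plain http is never an acceptable return scheme


def is_safe_return_url(candidate: str) -> bool:
    """True only for an absolute https URL whose origin is registered."""
    # Backslashes, whitespace and control characters are normalised differently
    # by browsers and by server-side parsers, so reject them outright.
    if not candidate or any(ord(c) <= 0x20 or c in "\\\x7f" for c in candidate):
        return False
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return False  # also rejects scheme-relative and relative values
    # A userinfo part ("https://shop.example@other.example/") hides the real host.
    if parts.username is not None or parts.password is not None:
        return False
    origin = (scheme, parts.hostname or "", port or DEFAULT_PORTS[scheme])
    # Exact origin match: suffix or substring checks would let
    # "shop.example.other.example" through.
    return origin in ALLOWED_RETURN_ORIGINS


def resolve_redirect(request_url: str, fallback: str = "/payment/complete") -> str:
    """Return the Location value for a request shaped like the one in the advisory."""
    values = parse_qs(urlsplit(request_url).query).get("vpc_ReturnURL", [])
    # A repeated parameter is ambiguous, so treat it like a missing one.
    if len(values) == 1 and is_safe_return_url(values[0]):
        return values[0]
    return fallback  # fixed local page instead of the user-supplied target


if __name__ == "__main__":
    # Constructed requests against a hypothetical gateway host.
    for url in ("https://gateway.example/vpcpay?vpc_ReturnURL=https://shop.example/done",
                "https://gateway.example/vpcpay?vpc_ReturnURL=http://other.example"):
        print(url, "->", resolve_redirect(url))
```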

Since the advisory was created a month ago, MasterCard hasn’t responded to Monachos’ contact attempts.

It’s unclear if MasterCard has fixed the vulnerability. The web site, which is widely trusted, could be targeted for phishing attempts if the vulnerability remains.
