| Title | Catalyst IT Australia User key authentication 2022081901 Open Redirect |
|---|
| Description | Vulnerability Description
Open redirect vulnerability in the "return=" parameter of the url used for the logout function in the moodle plugin "User Key Authentication". An attacker could use this vulnerability to redirect users to arbitrary websites by tricking them into clicking the link.
Impact
By exploiting this vulnerability, the attacker can redirect users/targets to any arbitrary address when clicking on the link.
To Reproduce:
1) Install the plugin "User key authentication" in a test environment where Moodle is running.
2) In your browser, add "/auth/userkey/logout.php?return=" to the address of your test environment, adding any web address after "return=", as in the example below:
http://yourdomain.com/auth/userkey/logout.php?return=http://maliciouswebsite.com
Note: The user does not need to be logged in for the redirect to work.
Fix Suggestion
Adjust the logout function to not allow the user to control where the page is redirected to after logout. |
|---|
| Source | ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/moodle/key_user_authentication/v2022081901/key_user_authentication_open_redirection |
|---|
| User | Anonymous User |
|---|
| Submission | 04/23/2025 02:44 (12 months ago) |
|---|
| Moderation | 05/09/2025 16:47 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 308233 [Catalyst User Key Authentication Plugin 20220819 on Moodle Logout /auth/userkey/logout.php return redirect] |
|---|
| Points | 20 |
|---|