CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')


URL redirection is a World Wide Web technique for making a web page available under more than one URL address. When an application or web page accepts a URL in a request (for example, a "return to" or "next" parameter), it is supposed to verify that the URL belongs to the intended page's domain. An open redirect is a failure in that check that lets an attacker steer users to a site of the attacker's choosing.

This weakness is used in phishing attacks to get users to visit malicious sites without realizing it, because the link they click starts with a domain they trust. Web users often encounter legitimate redirection when they visit the website of a company whose name has changed or that has been acquired by another company. When the user lands on the fake page instead, their computer can be infected with malware designed to impersonate the legitimate site and steal their personal data.
The weakness is introduced during the Architecture and Design and Implementation stages.
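The check described above (confirming that a redirect target belongs to the application's own domain) is easy to get wrong. The following is an added example, not code from this page or from CWE's reference material: a deliberately unchecked "before" handler next to a hardened validator. The hostnames in `ALLOWED_HOSTS` and the parameter name `next_url` are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed example: the hostnames this application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
SAFE_SCHEMES = {"http", "https"}


def vulnerable_redirect_target(next_url: str) -> str:
    """'Before' form of CWE-601: the request parameter is returned as the
    Location header value with no check, so any absolute or scheme-relative
    URL sends the user off-site."""
    return next_url


def is_safe_redirect(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if next_url stays on the application's own domain(s).

    Covers the cases a naive "does it start with '/'" check misses:
      * scheme-relative URLs (//other.example): netloc present, scheme empty
      * backslashes, which browsers normalise to slashes (/\\other.example)
      * non-http(s) schemes such as javascript: or data:
      * userinfo in the URL (https://www.example.com@other.example/)
    """
    if not next_url:
        return False
    # Browsers treat backslashes as forward slashes; normalise first so that
    # "/\\other.example" is parsed as "//other.example" and rejected below.
    normalised = next_url.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in SAFE_SCHEMES:
        return False
    if parts.netloc:
        # .hostname strips userinfo and port, so the host actually contacted
        # is what gets compared against the allow-list.
        host = (parts.hostname or "").lower()
        return host in allowed_hosts
    # No netloc: must be a root-relative path. Exactly one leading "/" keeps
    # "//host" (scheme-relative) and "" from reaching the browser.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """Hardened form: use next_url only if it passes validation, otherwise
    fall back to a fixed in-application location."""
    return next_url if is_safe_redirect(next_url) else fallback


if __name__ == "__main__":
    for candidate in ["/account", "//other.example/x", "/\\other.example",
                      "https://www.example.com/a", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
```

An allow-list of hostnames (rather than a deny-list of known bad ones) is the design choice that matters here: the validator only ever answers "is this one of ours", so new URL obfuscation tricks fail closed. Returning a fixed fallback instead of an error also avoids turning the redirect parameter into an error-message injection point.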

Description of CWE-601 on Mitre website