
Vulnerability with website login form?
#1

Hey team —
I’m concerned the person in the post below is attempting to use a vulnerability on the gw2 website to obtain users’ account login details -- unfortunately, this could be done by almost anybody very easily to trick a user since they will be entering their account information on your actual website with no idea that it will be redirected to somebody untrusted.
I believe this could be prevented by restricting the allowable redirect_uri from your login page to trusted domains.
It’s also possible I am misunderstanding things, but wanted to bring it to your attention.

ArenaNet Poster
#2

He’s redirecting to the live TP site. It’s already in our whitelist.
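
The restriction suggested in post #1, and the whitelist mentioned in post #2, come down to an exact-match check on the redirect target before the login page honors it. As an added example, not part of either post and not ArenaNet's code: a server-side check in JavaScript, where the hostnames and both function names are constructed placeholders.

```javascript
// Added example: exact-match allowlist for a login page's redirect_uri.
// The hostnames are constructed placeholders, not the site's real whitelist.
const TRUSTED_REDIRECT_HOSTS = new Set([
  "account.example.com",
  "tradingpost.example.com",
]);

// Returns the normalized URL string when the target is trusted, otherwise null.
function validateRedirectUri(raw) {
  if (typeof raw !== "string" || raw.length === 0) return null;

  let url;
  try {
    // WHATWG parser, the same rules a browser applies when following the
    // redirect. Relative and scheme-relative input ("//host/") throws here.
    url = new URL(raw);
  } catch {
    return null;
  }

  if (url.protocol !== "https:") return null;          // no http:, javascript:, data:
  if (url.username !== "" || url.password !== "") return null; // no "trusted@other" forms
  if (url.port !== "") return null;                     // default HTTPS port only

  // Compare the parsed hostname exactly. Substring, prefix, or suffix tests on
  // the raw string are what let look-alike hosts through.
  if (!TRUSTED_REDIRECT_HOSTS.has(url.hostname)) return null;

  return url.href;
}

// Hypothetical helper: fall back to a fixed page instead of echoing bad input.
function resolveLoginRedirect(raw, fallback = "https://account.example.com/") {
  return validateRedirectUri(raw) ?? fallback;
}
```

The check parses first and compares the hostname field afterwards, so a trusted name appearing elsewhere in the string (userinfo, path, query, or as a subdomain label of another host) does not pass.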