Web Client Phishing thru URL Redirection

(0) Share

Report

Posted on by Carlos Herrando

165

Phishing thru URL Redirection.
An attacker can e-mail NAV users with a valid link to the NAV Web Client, but with a malicious ReturnUrl payload. If a user clicks on the link, the user will be routed to the correct system to authenticate. After successful authentication, user will be redirected as specified in ReturnUrl.

https://yourserver.com/NAVInstance/WebClient/SignIn.aspx?ReturnUrl=%2f%2fgoogle.com&tenant=tenant1

We have tested this on our servers and after authentication it redirects you to any web you put as ReturnUrl parameter.

Please, could you help with this issue? Is it possible to configure a whitelist validation for the “ReturnUrl” parameter in order to accept only the known values for redirection? How can configure this on web client?

Is there any other workaround?

Thank you and regards,

*This post is locked for comments

All responses (9)

Answers (1)

Verified answer

Carlos Herrando 165 on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Hi there, finally it was a bug and Microsoft correct this within the NAV 2016 Cumulative Update 36. Not sure about the same issue in other versions.
Carlos Herrando 165 on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Thank you Stefano.

I also don't have AccessControlService setup in a 2018 database to test.

Regards.
Suggested answer

Stefano Demiliani 37,162 Most Valuable Professional on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Are you able to reproduce this also for NAV 2018?
Suggested answer

Stefano Demiliani 37,162 Most Valuable Professional on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Ok. I don’t have this type of authentication in place. It seems strange but the only thing I can do is to submit this to the product team.
Carlos Herrando 165 on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Hi again,

I have done several testings with NAV 2016 and the issue only happens when CredentialType = AccessControlService.

We are using ADFS authentication.

Regards,
Carlos Herrando 165 on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Hi Stefano, I am using NAV 2016 CU25.

I am going to try with NAV 2017 to see if the same happens.

Regards,
Suggested answer

Stefano Demiliani 37,162 Most Valuable Professional on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Yes you’re right but I’m not enable again to reproduce it. Very strange. I’m testing with NAV 2017 now. What version are you using?
Carlos Herrando 165 on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

Hi Stefano, thanks for your quick response, it is important that you write %2f%2fgoogle.com as I did to get the redirection works.
Suggested answer

Stefano Demiliani 37,162 Most Valuable Professional on at

Like (0)

Report

RE: Web Client Phishing thru URL Redirection

I'm not able to reproduce this issue.

I've tested with myserver/.../SignIn.aspx

Web Client Phishing thru URL Redirection

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates

Web Client Phishing thru URL Redirection

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Subscribe to

Leaderboard

Featured topics

Product updates