Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-15964

Redirection not followed when using OAuth

    Details

      Description

      When a user logs in, or authenticates using the built in Oauth system of phpBB, the redirection URL is not followed nor included following the login process. A user could be in the middle of something and they will always be redirected to the forum main page.

      Fixing this could be as easy as including the redirection to the Oauth provider when returning back to phpBB. This may add the vulnerability if the Oauth provider is not trusted and for some reason rewrites the redirection, but that seems unlikely.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Ectoman AJ Quick
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: