ADVERTISEMENT

Royal Mail jeopardizes users with open redirect flaw

The British postal service and courier company has left an open redirect vulnerability on one of its sites, exposing its customers to phishing attacks and malware infections.

Royal Mail open redirect

By Shutterstock

Jurgita Lapienytė
Jurgita Lapienytė Chief Editor
Nov 7, 2023 Updated: 15 November 2023 1 min read
Redirection scheme
ADVERTISEMENT

Significance

  • Users can be lured into fake websites designed to steal credentials and credit card numbers, among other things.
  • Open redirect vulnerabilities can be leveraged to download malicious software onto the victims’ devices.
  • Users might end up on pages filled with spam and other low-quality content.

Mitigation

  • Companies facing similar issues should validate all user input.
  • Websites can use URL encoding to prevent URL tampering.
  • Website owners can create a whitelist of trusted URLs and only allow redirects to those URLs.
ADVERTISEMENT