From the security@eclipse.org inbox - see below.

Note that this only happens when not logged in to *.eclipse.org.

I am marking this as 'critical', as I believe we really don't want to help people build phishing attacks and use our well-known brand to create honey pots.

----

Hi,

I get in touch to report an open redirection vulnerability affecting wiki.eclipse.org

A user can be sent a URL link that can lead to malicious content. The user will believe the link is trust-worthy.

PoC:
http://wiki.eclipse.org//youtube.com

Server response:
HTTP/1.1 301 Moved Permanently
…
Location: http://youtube.com

This behavior can be leveraged to facilitate phishing attacks against users of the application.

I look forward to your reply.

Best Regards,
Guifre

------
This should now be resolved. Can I get someone else to confirm before we close this? -M.
(In reply to Eclipse Webmaster from comment #1)
> This should now be resolved.
>
> Can I get someone else to confirm before we close this?
>
> -M.

Looks good to me. Thanks Matt.
Ok closing as fixed. -M.
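A check for the redirect behaviour reported in this bug, as an added example that is not part of the original thread and not the fix the webmaster applied (the thread does not say how it was fixed). It classifies a `Location` value as on-host or off-host for a given request URL, and shows that collapsing leading slashes in the path keeps the redirect on the original host. The function names are hypothetical; the sample URL and `Location` value are the ones quoted in the report.

```python
import re
from urllib.parse import urlsplit, urljoin


def redirect_leaves_origin(request_url: str, location: str) -> bool:
    """True if following `location` from `request_url` ends up on another host."""
    base = urlsplit(request_url)
    # Browsers treat "\" like "/" in http(s) URLs, so normalise before resolving.
    # urljoin resolves relative and network-path ("//host") references the way
    # a client resolves a Location header.
    target = urlsplit(urljoin(request_url, location.replace("\\", "/")))
    return target.scheme not in ("http", "https") or target.hostname != base.hostname


def collapse_leading_slashes(path: str) -> str:
    """Reduce any run of leading slashes or backslashes to a single "/".

    A path that starts with "//" is a network-path reference (RFC 3986,
    section 4.2): the next segment is read as a host name, not a directory.
    """
    return re.sub(r"^[/\\]+", "/", path)


if __name__ == "__main__":
    # Request URL and Location header as quoted in the report.
    reported_request = "http://wiki.eclipse.org//youtube.com"
    reported_location = "http://youtube.com"
    print("reported response leaves host:",
          redirect_leaves_origin(reported_request, reported_location))

    # Same request path after normalisation: the redirect stays on the wiki host.
    path = urlsplit(reported_request).path
    fixed = collapse_leading_slashes(path)
    print("normalised path:", fixed)
    print("normalised redirect leaves host:",
          redirect_leaves_origin(reported_request, fixed))
```
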