Advisory Information
Title: Mitel CCMWeb OpenRedirect
Date Published:
Advisory Summary
The application accepts user input and then on completion of an additional task redirects the user to an external link.
Vendor
Mitel
Affected Software
Product | Version
MiCC (CCMWeb) | 7.x and earlier
Description of Issue
An Open Redirect vulnerability was discovered in MiContact Center version 7.1. The issue is in the login component of CCMWeb and could be exploited by modifying the 'redirecturl' parameter to point to an attacker-controlled site. It could be used as part of a phishing attack, as the domain element of the URL will be familiar to the client and so builds trust in the link. Because the redirection does not happen until the user has authenticated to the site, it may be possible to set up credential theft scenarios by cloning the CCMWeb login page.
PoC
The following proof of concept redirects the user to www.google.com after a successful login. This is only a proof of concept; through obfuscation or URL-shortening services the Google URL could be replaced with something malicious.
http://1.1.1.1/CCMWeb/webforms/login.aspx?redirecturl=http://www.google.com
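The root cause described above is that the post-login redirect target is taken from the 'redirecturl' parameter without checking that it stays on the application's own host. The following is an added example of the kind of validation that closes this class of bug; it is illustrative code written for this page, not Mitel's code or a patch for CCMWeb, and it uses Python as a stand-in for the ASP.NET login handler. The host name ccmweb.example.internal, the default landing path and the sample inputs are all constructed for the example.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

# Hypothetical host name of the CCMWeb instance (constructed, not from the advisory).
SITE_HOST = "ccmweb.example.internal"
# Assumed post-login landing page used whenever the requested target is rejected.
DEFAULT_LANDING = "/CCMWeb/webforms/default.aspx"


def is_safe_redirect(target: str, site_host: str = SITE_HOST) -> bool:
    """Return True only if `target` keeps the browser on the application's own host.

    Accepts: site-absolute paths ("/CCMWeb/...") and http(s) URLs whose host
    is exactly `site_host`. Rejects everything else, including the tricks that
    commonly slip past naive "starts with /" or "contains our domain" checks.
    """
    if not target:
        return False
    # Browsers treat a backslash after the leading slash like a second slash,
    # so "/\attacker.example" becomes the protocol-relative "//attacker.example".
    candidate = target.replace("\\", "/")
    # Whitespace and control characters can smuggle a second URL past parsers.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return False
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http(s) back to our own host is allowed.
        # This also rejects "javascript:" and "data:" targets.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # urlsplit().hostname strips any "user@" prefix, so
        # "http://ccmweb.example.internal@attacker.example/" yields attacker.example.
        return (parts.hostname or "").lower() == site_host.lower()
    if parts.netloc:
        # Protocol-relative "//attacker.example": browser supplies the scheme.
        return False
    # No scheme and no host: require a site-absolute path, but not "//..." or "///..."
    # which some browsers normalise back to a host reference.
    return candidate.startswith("/") and not candidate.startswith("//")


def resolve_post_login_redirect(redirecturl: Optional[str]) -> str:
    """Choose where to send the user after login; fall back when the request is unsafe."""
    if redirecturl is not None and is_safe_redirect(redirecturl):
        return redirecturl
    return DEFAULT_LANDING


def demo() -> Dict[str, bool]:
    """Run the validator over constructed sample values of the 'redirecturl' parameter."""
    samples = [
        "/CCMWeb/webforms/home.aspx",                        # legitimate in-app target
        "https://ccmweb.example.internal/CCMWeb/",           # absolute URL to our own host
        "http://www.google.com",                             # the advisory's PoC target
        "//www.google.com",                                  # protocol-relative
        "/\\www.google.com",                                 # backslash confusion
        "javascript:alert(1)",                               # non-http scheme
        "http://ccmweb.example.internal@www.google.com/",    # userinfo trick
    ]
    return {s: is_safe_redirect(s) for s in samples}


if __name__ == "__main__":
    for value, ok in demo().items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {value}")
    print("PoC request would land on:", resolve_post_login_redirect("http://www.google.com"))
```

The important design choice is the allow-list: the check asks whether the target is one of two known-good shapes rather than trying to enumerate bad ones. Comparing the full host name exactly (instead of "contains" or "ends with") also defeats look-alike hosts such as ccmweb.example.internal.attacker.example. For detection, the same logic can be run over web-server access logs for login.aspx to flag requests whose 'redirecturl' value would have been rejected.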
Timeline
Reported – 26th January 2015
Accepted – 31st March 2015
Advisory Published – 4th October 2015