[VIM] Open redirects - yes or no?
sullo at cirt.net
Fri May 2 04:08:18 UTC 2008
I'm going to side with Jericho on this one, and lobbied for inclusion in
OSVDB back when we first discussed. If you work at a financial (or
really any place), an open redirect is an open invitation to phishing.
In the end, I think a VDB's job (much like a security scanner) is to
list vulnerabilities, and let users of the software determine what is or
is not acceptable.