PT-2020-14300 · Ory · Ory Fosite

Mitar · Published 2020-10-02 · Updated 2021-11-18 · CVE-2020-15234

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: ORY Fosite versions prior to 0.34.1

Description: The issue arises from the comparison of the OAuth 2.0 Client's registered redirect URLs with the redirect URL supplied at the OAuth2 Authorization Endpoint: the comparison was made case-insensitively (via strings.ToLower) instead of by an exact string match. This allows an attacker to register a client with an allowed redirect URL, such as https://example.com/callback, and then start an OAuth2 flow requesting a redirect URL such as https://example.com/CALLBACK. As a result, the browser is redirected to https://example.com/CALLBACK, potentially carrying a successful OAuth2 response, depending on the state of the overall OAuth2 flow.

Recommendations: For versions prior to 0.34.1, update to ORY Fosite version 0.34.1 to resolve the issue. As a temporary workaround, consider disabling the OAuth2 flow for clients whose registered redirect URLs may be exploited until the patch is applied. Restrict access to the OAuth2 Authorization Endpoint to minimize the risk of exploitation. Avoid case-insensitive comparisons of redirect URLs in the affected OAuth2 flow until the issue is resolved.
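To make the flaw in the description concrete, the following Go program places the case-insensitive comparison beside an exact-match version. It is an added illustration, not Fosite's own code: the function names matchRedirectURILower and matchRedirectURIExact are hypothetical, and the registered redirect URL list is a constructed sample. The exact-match variant also rejects URLs that fail to parse or that carry a fragment, which RFC 6749 §3.1.2 forbids in redirect URIs.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// registeredRedirectURIs is a constructed sample client registration,
// not taken from any real Fosite client store.
var registeredRedirectURIs = []string{
	"https://example.com/callback",
}

// matchRedirectURILower reproduces the flawed comparison described in the
// advisory: both sides are lower-cased before being compared, so a request
// for https://example.com/CALLBACK matches a registration of
// https://example.com/callback. Hypothetical function name.
func matchRedirectURILower(requested string, registered []string) (string, bool) {
	for _, r := range registered {
		if strings.ToLower(r) == strings.ToLower(requested) {
			return r, true
		}
	}
	return "", false
}

// matchRedirectURIExact is the corrected comparison: the requested URI must
// parse as an absolute URL, carry no fragment (RFC 6749 section 3.1.2), and be
// byte-for-byte identical to one registered value. Hypothetical function name.
func matchRedirectURIExact(requested string, registered []string) (string, bool) {
	u, err := url.Parse(requested)
	if err != nil || u.Scheme == "" || u.Host == "" || u.Fragment != "" {
		return "", false
	}
	for _, r := range registered {
		if r == requested {
			return r, true
		}
	}
	return "", false
}

func main() {
	// The second request is the case-variant from the advisory; only the
	// lower-cased comparison accepts it.
	for _, req := range []string{"https://example.com/callback", "https://example.com/CALLBACK"} {
		_, lowerOK := matchRedirectURILower(req, registeredRedirectURIs)
		_, exactOK := matchRedirectURIExact(req, registeredRedirectURIs)
		fmt.Printf("%-30s lower-cased match=%-5v exact match=%v\n", req, lowerOK, exactOK)
	}
}
```

The exact-match version deliberately does not apply RFC 3986 host case-folding either: an authorization server should compare the redirect URL exactly as registered, and clients that need several spellings can register each one.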

Fix · Open Redirect · RCE


Weakness Enumeration

Related Identifiers

CVE-2020-15234
GHSA-GRFP-Q2MM-HFP6

Affected Products

Ory Fosite