PT-2023-20684 · Unknown · Lorawan-Stack

Kevin Stubbings (+1)

Published 2023-04-24 · Updated 2024-10-22

CVE-2023-26494

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

lorawan-stack versions prior to 3.24.1

Description

The login page of the lorawan-stack server (The Things Stack) contains an open redirect. The destination the user is sent to after signing in is taken from a request parameter and used without validation, so an attacker can craft a login link that sends the victim to an attacker-controlled site immediately after a successful sign-in. Because the redirect follows genuine authentication on the legitimate host, the victim has every reason to believe they have landed on the application's home page, which makes the flaw useful for phishing (for example, a look-alike page that asks the user to sign in again). The CVSS vector reflects this: no privileges are required, but the victim must open the crafted link (UI:R), and the harm is done in the victim's browser rather than within the stack itself (S:C), with low confidentiality and integrity impact.

Recommendations

Update to lorawan-stack 3.24.1 or later, which resolves the issue. Until the upgrade is applied, restrict who can reach the login page and consider additional authentication measures. Note that extra authentication factors limit what can be done with credentials phished through the redirect but do not remove the redirect itself, so they are a stopgap rather than a substitute for the upgrade.
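The following is an added example and is not code from the lorawan-stack project or from this advisory. It shows the flaw class in a minimal Go login handler (the client-supplied post-login destination is used as-is) next to a hardened target check that only accepts an absolute path on the current origin, and drives both through net/http/httptest so it runs offline. The parameter name `next`, the `/oauth/login` path and the sample targets are assumptions made for the example; the advisory does not state how the real parameter is named.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// redirectParam carries the post-login destination. The name is an assumption
// for this example; the advisory does not name the real parameter.
const redirectParam = "next"

// vulnerableNext reproduces the flaw class described in the advisory: the
// client-supplied value becomes the redirect target without any check.
func vulnerableNext(raw string) string {
	return raw
}

// safeNext returns the supplied target only if it is an absolute path on the
// current origin; anything a browser could resolve to another origin is
// replaced by "/".
func safeNext(raw string) string {
	const fallback = "/"
	u, err := url.Parse(raw)
	if err != nil {
		return fallback
	}
	// "https://evil.example", "//evil.example", "javascript:alert(1)": a
	// scheme, host, opaque part or userinfo all mean the target is not a
	// plain path on this origin.
	if u.Scheme != "" || u.Host != "" || u.Opaque != "" || u.User != nil {
		return fallback
	}
	// Require an absolute path. url.Parse moves "//host" into u.Host, but an
	// encoded "/%2F%2Fhost" decodes to a "//" path, so check the decoded path.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	// Browsers treat "/\evil.example" like "//evil.example"; url.Parse does not.
	if strings.Contains(u.Path, `\`) {
		return fallback
	}
	// Rebuild the target from the validated parts only, so nothing else from
	// the input reaches the Location header.
	clean := url.URL{Path: u.Path, RawQuery: u.RawQuery, Fragment: u.Fragment}
	return clean.String()
}

// loginHandler models the step right after a successful sign-in: the server
// redirects to the destination chosen by pick. Authentication itself is
// omitted; only the redirect decision matters here.
func loginHandler(pick func(raw string) string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, pick(r.URL.Query().Get(redirectParam)), http.StatusFound)
	}
}

// redirectLocation sends one login request carrying target and returns the
// Location header the handler produced.
func redirectLocation(h http.Handler, target string) string {
	req := httptest.NewRequest(http.MethodGet,
		"/oauth/login?"+redirectParam+"="+url.QueryEscape(target), nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	// Constructed targets: two legitimate in-app destinations, then the
	// attacker-supplied forms a redirect check has to reject.
	targets := []string{
		"/console",
		"/oauth/authorize?client_id=console",
		"https://evil.example/login",
		"//evil.example",
		`/\evil.example`,
		"/%2F%2Fevil.example",
		"javascript:alert(1)",
	}
	vuln, fixed := loginHandler(vulnerableNext), loginHandler(safeNext)
	for _, tgt := range targets {
		fmt.Printf("%-36q  vulnerable: %-30q  hardened: %q\n",
			tgt, redirectLocation(vuln, tgt), redirectLocation(fixed, tgt))
	}
}
```

The check deliberately rebuilds the target from parsed parts instead of string-matching the raw input: prefix checks on the raw string are what the scheme-relative (`//host`), backslash (`/\host`) and encoded-slash variants are designed to slip past, and a fallback to `/` is always safe because the user has just authenticated on this host anyway.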

Weakness Enumeration

Open Redirect (CWE-601)

Related Identifiers

CVE-2023-26494
GHSA-5FWQ-9X7J-2QPG
GO-2024-3044

Affected Products

Lorawan-Stack