After spending almost a year cleaning up after various security snafus, the UK’s Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We’re told this vulnerability potentially exposes customers to malware infections and phishing attacks.
Open redirects essentially allow attackers to use a legitimate website or a web application – in this case, a Royal Mail website – to redirect users to a malicious website by manipulating the URL. It occurs when the application doesn’t validate user input, so miscreants can manipulate it as they please.
