17 lines
1.3 KiB
Plaintext
17 lines
1.3 KiB
Plaintext
|
=== What is the potential impact?
|
||
|
|
|
||
|
|
If an attacker tricks a user into opening a link of his choice, the user is redirected to a domain controlled by the attacker.
|
||
|
|
|
||
|
|
From then on, the attacker can perform various malicious actions, some more impactful than others.
|
||
|
|
|
||
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
|
||
|
|
|
||
|
|
==== Domain Mirroring
|
||
|
|
|
||
|
|
A malicious link redirects to an attacker's controlled website mirroring the interface of a web application trusted by the user. Due to the similarity in the application appearance and the apparently trustable clicked hyperlink, the user struggles to identify that they are browsing on a malicious domain. +
|
||
|
|
Depending on the attacker's purpose, the malicious website can leak credentials, bypass Multi-Factor Authentication (MFA), and reach any authenticated data or action.
|
||
|
|
|
||
|
|
==== Malware Distribution
|
||
|
|
|
||
|
|
A malicious link redirects to an attacker's controlled website that serves malware. On the same basis as the domain mirroring exploitation, the attacker develops a spearphishing or phishing campaign with a carefully crafted pretext that would result in the download and potential execution of a hosted malicious file. +
|
||
|
|
The worst-case scenario could result in complete system compromise.
|