FOD detects redirect vulnerability (OfficeUtilsSample)

FOD detects redirect vulnerability (OfficeUtilsSample)



We are using HP FOD tool for vulnerability testing. OfficeUtilsSample HomePage.aspx.cs was identified as having a possible breach because of redirect() use on line 358 (-- Response.Redirect(redirectUrl); --).

His there anything you can help us with (patch, workarround, arguments) so that we can solidly argument with the FOD team?

Where using Outsystems 10.0.604.0

Thank you in advance for the time you may invest on this matter.

Fernando Gameiro

Hi Fernando,

OfficeUtilsSample is a sample eSpace you can remove it from your environment.

I believe that the issue reported by "HP FOD" is probably because the HomePage.aspx is the Default entry point and the webpage can be accessed without any session and is set to Anonymous.

Just remove set the entry point as 'Is Default' => No

And to be sure that you not run into more security issues:

Remove the check from 'Anonymous' role in the webpage.

If this works, please share and update all the similar post/issues: