Open Redirect – Vodafone Easybox 804

During one of our usual internet failures as a Vodafone customer, I took the short break as an opportunity to take a closer look at the EasyBox URL.

During the failure, my browser directed me to the following EasyBox 804 website:

I immediately noticed that this URL contained another URL, namely the page I had been on before the outage. As I suspected, this is an open redirect: anyone can put any URL they like into that parameter and the EasyBox forwards to it promptly, even fully automatically once the Internet connection works again!

Easy Box 804 - Menu


The Scenario

An attacker sends the above URL to a victim; if the victim clicks the link, they end up on a malicious website. Take Facebook as an example: if the user still has a valid Facebook session cookie and the redirect lands on a malicious website that includes the XSS, the attacker can take over the victim's session. A more realistic scenario, however, is that the attacker rebuilds the EasyBox website and hosts it on an external domain, so that the victim is asked to log in to a visually identical EasyBox page and, for example, to set their WLAN password again.

By the way: it is rather unpleasant that a user can simply call up this URL without authentication and have the device re-establish its connection, which means they can interrupt the Internet connection at will. But we have learned from Vodafone that this is a feature.
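As an added illustration that is not part of the original post and not code from Vodafone's firmware, the following Python snippet contrasts the vulnerable pattern (a caller-supplied "return to" URL used verbatim as the redirect target) with a hardened check that only accepts a local path on the device or an absolute URL pointing at the device's own hostname. The hostname easy.box, the function names and the sample inputs are assumptions constructed for this example.

```python
from urllib.parse import urlparse, urlunparse

# Assumed hostname of the device's own web interface (constructed for this example).
DEVICE_HOST = "easy.box"


def unsafe_redirect_target(raw: str) -> str:
    """Vulnerable pattern: whatever the query parameter says is used as the Location header."""
    return raw


def safe_redirect_target(raw: str, fallback: str = "/") -> str:
    """Hardened pattern: return a redirect target that stays on this device, else the fallback.

    Accepted: a root-relative path ("/status?x=1") or an http(s) URL whose hostname is
    DEVICE_HOST. Everything else (other hosts, other schemes, protocol-relative URLs,
    backslash tricks) is replaced by the fallback.
    """
    if not raw:
        return fallback
    # Some browsers normalise backslashes to slashes, so "/\\evil.example" could become
    # "//evil.example"; refuse the raw string instead of trying to be clever.
    if "\\" in raw:
        return fallback
    parsed = urlparse(raw)
    if parsed.scheme or parsed.netloc:
        # Absolute URL: only the device's own http(s) interface is allowed.
        if parsed.scheme not in ("http", "https"):
            return fallback
        if parsed.hostname != DEVICE_HOST:
            # parsed.hostname strips user:pass@ and :port, so "http://easy.box@evil.example/"
            # is correctly identified as evil.example.
            return fallback
        return urlunparse((parsed.scheme, parsed.netloc, parsed.path or "/",
                           parsed.params, parsed.query, ""))
    # Relative target: must be rooted at "/" (urlparse already turned "//host" into a netloc,
    # which was rejected above; "///host" parses to an empty netloc and the local path "/host").
    if not parsed.path.startswith("/"):
        return fallback
    # Rebuild from the parsed pieces (and drop the fragment) so no stray characters from the
    # raw input leak into the Location header.
    return urlunparse(("", "", parsed.path, parsed.params, parsed.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, as they might arrive in the redirect parameter.
    samples = [
        "/status?x=1",
        "http://easy.box/status",
        "//evil.example/",
        "http://evil.example/",
        "http://easy.box@evil.example/",
        "javascript:alert(1)",
        "/\\evil.example",
    ]
    for s in samples:
        print(f"{s!r:40} unsafe -> {unsafe_redirect_target(s)!r:40} safe -> {safe_redirect_target(s)!r}")
```

The vulnerable function is what an open redirect looks like from the server's side: the target is trusted because it "came from the device's own page". The hardened function treats it as untrusted input, normalises it through a real URL parser rather than string prefix checks, and falls back to the device's start page whenever the result would leave the device.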

The CVSSv3 base score is 6.4 (AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

PS: Do you have an EasyBox? Just click on the link and see for yourself!


Last updated on March 29, 2021
