How a Welcome Email Can Be Used for Malicious Redirection
Summary
A flaw that could allow attackers to redirect users to malicious websites has been uncovered in the welcome email system of a popular messaging platform.
The issue lies in how download links are generated: the sender can manipulate the links so that they redirect the user to a malicious site. The platform is not disclosing the name of the app concerned, in order to give developers time to fix the issue first.
The discovery highlights how dangerous open redirects can be, since they give attackers another angle for exploiting user data.
The vulnerability lies in the platform’s marketing system, specifically where personalised welcome emails to new users include links for app downloads.
The researcher found that the URLs for these downloads were easy to manipulate, allowing malicious senders to redirect newcomers to unsafe sites.
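One way to close this class of flaw is to validate every download destination against a fixed allowlist before it is placed in the email. The following is an added example, not code from the platform or the researcher; the hostnames, the fallback URL and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts permitted to serve app downloads (hypothetical values).
ALLOWED_DOWNLOAD_HOSTS = {"downloads.example.com", "apps.example.com"}
# Assumed safe default used when a requested destination is rejected.
FALLBACK_URL = "https://downloads.example.com/"


def is_safe_download_url(url: str) -> bool:
    """Return True only for https URLs whose host is exactly on the allowlist."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by urlsplit, so reject them instead of trying to normalise.
    if not url or any(c in url for c in "\\\r\n\t "):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":  # also rejects scheme-relative "//host/path"
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://trusted@other-host/" style confusion
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match, not a suffix or substring test, so that a name such as
    # "downloads.example.com.other.test" is not accepted.
    return host in ALLOWED_DOWNLOAD_HOSTS


def build_welcome_link(requested_url: str) -> str:
    """Return the link to embed in the email, falling back to a fixed safe URL."""
    return requested_url if is_safe_download_url(requested_url) else FALLBACK_URL


# Constructed sample inputs (not taken from the page) and the expected decision.
SAMPLES = {
    "https://downloads.example.com/app/latest": True,
    "https://other.test/app/latest": False,
    "//other.test/app/latest": False,
    "https://downloads.example.com@other.test/": False,
    "https://downloads.example.com.other.test/": False,
    "http://downloads.example.com/app/latest": False,
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(f"{url!r}: allowed={is_safe_download_url(url)} expected={expected}")
```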