An open redirect vulnerability occurs when an application lets user-supplied input determine the target of a redirect. If the application fails to validate that untrusted input, an attacker can supply a URL that sends an unsuspecting victim from the legitimate domain to the attacker's phishing site.
Attackers exploit open redirects to make phishing attacks more credible: most users check that a link points to a legitimate, trusted domain, but they do not notice the subsequent redirect to a phishing site.
Although this vulnerability does not necessarily affect the legitimate application directly, it can damage the reputation of the website's owners. Even where an open redirect has no significant impact on the company itself, it is important to avoid eroding users' trust in the company. Open redirects through the website can just as easily be used against its own employees and users.
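The missing validation described above, shown as an added example (not code from the original page): a redirect handler that passes the user-supplied `next` parameter straight through, beside a hardened version that only honours same-site paths or hosts on an allowlist. The host names `example.com` and `accounts.example.com` are assumed for illustration.

```python
from urllib.parse import urlparse

# Constructed allowlist: the hosts this application is willing to redirect to.
ALLOWED_HOSTS = {"example.com", "accounts.example.com"}


def vulnerable_redirect_target(next_url: str) -> str:
    """Open redirect: whatever the user supplied becomes the Location header."""
    return next_url


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """Return next_url only if it is a local path or an allowlisted host.

    Anything else (foreign hosts, non-http schemes, scheme-relative URLs,
    userinfo tricks) falls back to a fixed local path.
    """
    if not next_url:
        return fallback
    # Browsers treat backslashes as slashes, so "/\\evil.com" would be
    # followed as "//evil.com"; normalise before parsing to avoid that bypass.
    candidate = next_url.strip().replace("\\", "/")
    parsed = urlparse(candidate)

    # Reject javascript:, data:, and any other non-web scheme outright.
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return fallback

    # Absolute or scheme-relative URL ("//evil.com" also sets netloc):
    # the host, stripped of any userinfo such as "example.com@evil.com", must be allowlisted.
    if parsed.netloc:
        host = (parsed.hostname or "").lower()
        return candidate if host in ALLOWED_HOSTS else fallback

    # No host: accept only a path that starts with exactly one "/".
    # This also rejects "http:/evil.com", whose scheme survives without a netloc.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate
```

Frameworks usually ship an equivalent check (Django's `url_has_allowed_host_and_scheme`, for example); prefer that over a hand-rolled version where one exists.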