Is RH-SSO vulnerable to Host Header Injection?
Issue
- Hostname modification in the Reset password link sent via email can lead to a potential vulnerability. Is that true in RH-SSO? How can it be avoided?
- How to mitigate potential Host header poisoning in RH-SSO?
Environment
- Red Hat Single Sign-On (RH-SSO)
  - 7
- Password reset / Email verification