
Bug 547021

Summary: Cross Domain Referrer Leakage
Product: Community
Component: Website
Status: RESOLVED FIXED
Severity: normal
Priority: P3
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Mac OS X
Reporter: Christopher Guindon <chris.guindon>
Assignee: Christopher Guindon <chris.guindon>
QA Contact:
CC: full109tun
Whiteboard:

Description Christopher Guindon CLA 2019-05-06 16:17:41 EDT
Hi team,

I'm a security researcher. I found your website vulnerable to the vulnerability listed below.

Vulnerability: Cross Domain Referrer Leakage

Details:
When a user requests a password reset, he/she receives a password reset link which includes the password reset token. The user clicks the link and may enter the new password twice, but if, before entering the password, the user clicks on a link (https://abcd.com), cross-domain referrer leakage takes place. It leaks the password reset token to the third-party website.

Steps to reproduce:
1- Request a password reset.
2- Open password reset link.
3- Click on third party website link and capture the request.
4- Check for token leakage.
---

I propose we fix this problem with the following solution:

The password reset link should not include the token. The token must be submitted via a form to gain access to the password reset form.
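The following is an added example, not the Eclipse Foundation's code, illustrating the report's vulnerable pattern next to the proposed fix. It is a hypothetical WSGI app: the vulnerable page lands the emailed link (token in the query string) directly on a form that also links to abcd.com; the hardened flow validates the token on an interstitial page, POSTs it onward, and shows the real form at a URL that carries no token, with `Referrer-Policy: no-referrer` as defense in depth. The routes `/reset`, `/reset/start` and `/reset/form`, the account name and the `referer_for_click` model of browser behaviour are assumptions made for the example; the third-party URL is the one named in the report.

```python
"""Password-reset flow that keeps the reset token out of the page address,
with Referrer-Policy: no-referrer as defense in depth.
Hypothetical WSGI app written for this report; not Eclipse Foundation code."""
import secrets
from io import BytesIO
from urllib.parse import parse_qs, urlsplit

RESET_TOKENS = {}                 # constructed stand-in for the DB: token -> account
THIRD_PARTY = "https://abcd.com"  # the cross-origin link named in the report
TEXT = [("Content-Type", "text/plain")]

def issue_reset_token(account):
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = account
    return token

def html(body, referrer_policy=None):
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if referrer_policy:
        headers.append(("Referrer-Policy", referrer_policy))
    return "200 OK", headers, body.encode()

def vulnerable_reset(query):
    """Pattern from the report (kept for comparison): the emailed link lands straight
    on the form, so the token sits in the URL of a page that also links to abcd.com."""
    token = query.get("token", [""])[0]
    if token not in RESET_TOKENS:
        return "404 Not Found", TEXT, b"bad token"
    return html(f'<form method="post" action="/reset?token={token}">'
                f'<input type="password" name="pw"></form>'
                f'<a href="{THIRD_PARTY}">help</a>')

def hardened_start(query):
    """Step 1 (emailed link): check the token, then show only an interstitial form
    that POSTs it onward. No third-party links here; the header suppresses Referer."""
    token = query.get("token", [""])[0]
    if token not in RESET_TOKENS:
        return "404 Not Found", TEXT, b"bad token"
    return html(f'<form method="post" action="/reset/form">'
                f'<input type="hidden" name="token" value="{token}">'
                f'<button>Continue</button></form>', "no-referrer")

def hardened_form(form):
    """Step 2: the real form lives at /reset/form, a URL without the token, so a click
    on the help link can reveal at most that path. A POST with pw consumes the token."""
    token = form.get("token", [""])[0]
    if token not in RESET_TOKENS:
        return "403 Forbidden", TEXT, b"bad token"
    if form.get("pw"):
        RESET_TOKENS.pop(token)   # single use; real code would also hash and store pw
        return "200 OK", TEXT, b"password updated"
    return html(f'<form method="post" action="/reset/form">'
                f'<input type="hidden" name="token" value="{token}">'
                f'<input type="password" name="pw"></form>'
                f'<a href="{THIRD_PARTY}">help</a>', "no-referrer")

def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    query = parse_qs(environ.get("QUERY_STRING", ""))
    form = {}
    if method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
    if method == "GET" and path == "/reset":
        status, headers, body = vulnerable_reset(query)
    elif method == "GET" and path == "/reset/start":
        status, headers, body = hardened_start(query)
    elif method == "POST" and path == "/reset/form":
        status, headers, body = hardened_form(form)
    else:
        status, headers, body = "404 Not Found", TEXT, b""
    start_response(status, headers)
    return [body]

def referer_for_click(page_url, referrer_policy):
    """Referer a browser sends when a link on an https page_url is followed to another
    https origin, per the Referrer Policy spec. Browsers in 2019 defaulted to
    no-referrer-when-downgrade (full URL); today's default is origin only."""
    policy = referrer_policy or "no-referrer-when-downgrade"
    if policy in ("no-referrer", "same-origin"):
        return None
    if policy in ("origin", "strict-origin", "origin-when-cross-origin",
                  "strict-origin-when-cross-origin"):
        p = urlsplit(page_url)
        return f"{p.scheme}://{p.netloc}/"
    return page_url   # no-referrer-when-downgrade, unsafe-url

def visit(method, url, body=""):
    """Drive the app in-process; returns status, html and the Referer a click on the
    third-party link from that page would carry (None if no link or suppressed)."""
    parts, captured = urlsplit(url), {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": parts.path,
               "QUERY_STRING": parts.query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": BytesIO(body.encode())}
    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)
    page = b"".join(app(environ, start_response)).decode()
    leak = None
    if THIRD_PARTY in page:
        leak = referer_for_click(url, captured["headers"].get("Referrer-Policy"))
    return {"status": captured["status"], "html": page, "referer": leak}
```

Calling `visit("GET", "https://accounts.example.org/reset?token=...")` shows the full token-bearing URL as the Referer a click on the help link would carry; the same click from `/reset/form` carries nothing, and even with the header removed the path holds no token. The `pw` branch also makes the token single use, which limits the damage if one does leak by another route.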
Comment 1 Mohsin Ali CLA 2019-05-22 07:52:05 EDT
Hi,

I am still waiting for your reply. Is there any update on this?

Regards,
Mohsin
Comment 2 Christopher Guindon CLA 2020-02-19 10:04:16 EST
We've removed all 3rd party links on the Reset my password page.