Federation SMPORTALURL vulnerability

Document ID : KB000012269
Last Modified Date : 14/02/2018

The Federation SMPORTALURL query parameter can be manipulated, which creates an open redirect vulnerability.


How can the Federation SMPORTALURL be secured against the open redirect vulnerability? Today the value can be manipulated, and a user can be redirected to a malicious target.


- The SMPORTALURL vulnerability was addressed in the 12.52 SP2 release, where a "Use Secure URL" check box was introduced to encrypt only the SMPORTALURL query parameter.

- The encrypted SMPORTALURL prevents a malicious user from modifying the value and redirecting authenticated users to a malicious website.

- Please refer to the link below for additional details on "Use Secure URL".


- The same feature was backported to the 12.52 SP1 CR06 release, as indicated in the link below.


Additional Information:

In summary, this feature is available in the following releases:

- 12.52 SP1 CR06 and higher

- 12.52 SP2 and higher
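
For deployments that have not yet enabled "Use Secure URL", the following added example (not code from the vendor or from this article) reviews logged request URLs and flags cleartext SMPORTALURL values that point outside an allow-list. The allow-listed hosts, the `/login` path and the sample URLs are constructed placeholders, and the script assumes that an encrypted value does not parse as an absolute URL.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hosts your federation partnerships legitimately redirect to.
ALLOWED_HOSTS = {"idp.example.com", "sp.example.com"}

def classify_smportalurl(request_url, allowed_hosts=ALLOWED_HOSTS):
    """Return (verdict, detail): 'absent', 'allowed', 'opaque' or 'suspicious'."""
    pairs = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    values = [v for k, v in pairs if k.lower() == "smportalurl"]
    if not values:
        return ("absent", "")
    if len(values) > 1:
        return ("suspicious", "parameter supplied more than once")
    value = values[0].strip()
    for _ in range(3):  # peel extra percent-encoding layers, conservatively
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    try:
        # Browsers treat "\" like "/", so normalise before parsing.
        target = urlsplit(value.replace("\\", "/"))
        host = target.hostname or ""
    except ValueError:
        return ("suspicious", "unparseable target")
    if not target.scheme and not target.netloc:
        # Relative path, or a non-URL value such as an encrypted blob.
        return ("opaque", "not a cleartext absolute URL")
    if target.scheme not in ("", "http", "https"):
        return ("suspicious", "unexpected scheme: " + target.scheme)
    if target.username is not None:
        return ("suspicious", "userinfo in target, real host: " + host)
    if host not in allowed_hosts:
        return ("suspicious", "host not allow-listed: " + host)
    return ("allowed", host)

# Constructed request URLs; the /login path and all hosts are placeholders.
SAMPLES = [
    "/login?SMPORTALURL=https%3A%2F%2Fsp.example.com%2Fportal",
    "/login?SMPORTALURL=https%3A%2F%2Funtrusted.example.net%2F",
    "/login?smportalurl=%2F%2Funtrusted.example.net%2Fx",
    "/login?SMPORTALURL=https%3A%2F%2Fsp.example.com%40untrusted.example.net%2F",
    "/login?SMPORTALURL=https%253A%252F%252Funtrusted.example.net",
    "/login?SMPORTALURL=CONSTRUCTED-OPAQUE-VALUE",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify_smportalurl(url), url)
```

Once "Use Secure URL" is enabled, any request that still carries a cleartext absolute URL in SMPORTALURL is itself worth investigating.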