Showing posts from December, 2021

Open Redirect in Oracle BlueKai

Phishing threat actors are continuously seeking new methods to increase the chances of success in their campaigns. Phishing is still one of the main initial access vectors into target networks. One technique that makes phishing emails particularly difficult to block is the use of open redirect vulnerabilities to distribute malicious links.

Although often underestimated and left unaddressed for months or years, open redirect vulnerabilities can present a considerable risk to your users. Open redirect bugs often occur in the form of a parameter inside a query which contains a URL to redirect a user to.

In late 2020, a client of mine was targeted in a spear-phishing campaign that leveraged a universal open redirect vulnerability in the Oracle BlueKai Data Management Platform. The vulnerability was responsibly disclosed to Oracle Security in December 2020. At the time of writing, the vulnerability remains unpatched and has not been assigned a CVE number (despite multiple other open redir