Preventing open redirects after login
Incident Report for The Things Network
We recently made sure that the open redirect for Console/Account App logins does not redirect to other domains. This allows relative links only for the n query parameter when logging into the Console or Account App.

We would like to thank security researcher Kevin Stubbings for using responsible disclosure for reporting this issue and making The Things Network a safer place.

Read more about our responsible disclosure policy:
Posted Feb 16, 2023 - 14:34 CET