by bjornedstrom 2726 days ago
As a security professional I agree. When I worked at companies with bug bounties I always considered open redirects in the lamest category of bugs, unless the open redirect was cleverly combined with other issues, which was very rare.

I once worked to patch an open redirect on a system where the redirect was at the end of the OAuth flow. Could have been used for some pretty nasty phishing attacks.