Title | Serious Security Flaw in OAuth, OpenID Discovered | |
Date | Friday May 02 2014, @10:34PM | |
Author | LaminatorX | |
Topic | ||
from the Another-one-bites-the-dust dept. |
As reported by CNET and other news publishers, a major flaw has been found in the login tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others. Wang Jing, a Ph.D student at the Nanyang Technological University in Singapore, discovered that the serious vulnerability Covert Redirect flaw can masquerade as a login popup based on an affected site's domain. Covert Redirect is based on a well-known exploit parameter.
Links |
printed from SoylentNews, Serious Security Flaw in OAuth, OpenID Discovered on 2024-05-04 19:37:31