SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Serious Security Flaw in OAuth, OpenID Discovered
Date    Friday May 02 2014, @10:34PM
Author    LaminatorX
Topic   
from the Another-one-bites-the-dust dept.
https://soylentnews.org/article.pl?sid=14/05/02/2214247

cornholed writes:

As reported by CNET and other news publishers, a major flaw has been found in the login tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others. Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, discovered that the serious vulnerability, the Covert Redirect flaw, can masquerade as a login popup based on an affected site's domain. Covert Redirect is based on a well-known exploit parameter.

Links

  1. "CNET" - http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered
  2. "the login tools OAuth and OpenID" - http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
  3. "Covert Redirect" - https://www.youtube.com/watch?v=HUE8VbbwUms


printed from SoylentNews, Serious Security Flaw in OAuth, OpenID Discovered on 2024-05-04 19:37:31