Feeds

back to article 'Covert Redirect' OAuth flaw more chest-beat than Heartbleed

A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their …

COMMENTS

This topic is closed for new posts.

I am weary of supposedly-literate people writing weary when they meant wary.

4
0
Silver badge

I am wary of them, myself.

4
0
Anonymous Coward

Access tokens

Do Facebook still pass user access tokens on the URL when authenticating external sites such as twitter? It used to lead to a lot of spamming aps which relied on misusing the access tokens to spam crap all over Facebook with total impunity

0
0
Bronze badge

Breaking news from 2006

Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.

I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.

0
0
This topic is closed for new posts.