I am weary of supposedly-literate people writing weary when they meant wary.
'Covert Redirect' OAuth flaw more chest-beat than Heartbleed
A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix …
Tuesday 6th May 2014 17:56 GMT Michael Wojcik
Breaking news from 2006
Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.
I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.