'Covert Redirect' OAuth flaw more chest-beat than Heartbleed

A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix …

COMMENTS

This topic is closed for new posts.
  1. joeldillon

    I am weary of supposedly-literate people writing weary when they meant wary.

    1. Oninoshiko

      I am wary of them, myself.

  2. Anonymous Coward

    Access tokens

    Do Facebook still pass user access tokens on the URL when authenticating external sites such as Twitter? It used to lead to a lot of spamming apps which relied on misusing the access tokens to spam crap all over Facebook with total impunity.

  3. Michael Wojcik Silver badge

    Breaking news from 2006

    Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.

    I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.
