
    'Covert Redirect' OAuth flaw more chest-beat than Heartbleed

    Date: 05 May 2014
    Category: Hacks/Cracks
    Posted By: Benjamin D. Thomas
    A recently reported "vulnerability" in OAuth appears to be anything but. That unkind assessment comes from security specialists after a flaw called "Covert Redirect" made headlines that conflated it with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their websites. PhD student Wang Jing from Nanyang Technological University reported the flaw on Saturday and showed how it allowed attackers to phish users and obtain their tokens.