Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » "Covert redirect" OAuth security flaw not as serious as it sounds, experts say

"Covert redirect" OAuth security flaw not as serious as it sounds, experts say

2014/05/05

Softpedia - (International) A researcher reported finding a vulnerability dubbed "covert redirect" in OAuth and OpenID that could allow an attacker to access users' information. However, security researchers found that the vulnerability is only in certain implementations of OAuth and requires both user interaction and an open redirect to be present in a targeted application to be effective.

Source: http://news.softpedia.com/news/Covert-Redirect-OAuth-Security-Flaw-Not-as-Serious-as-It-Sounds-Experts-Say-440575.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:20:07