Last week, Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, reported finding an OAuth and OpenID security flaw that could be exploited to obtain sensitive information.
OAuth is the open standard for authorization used for many high-profile web, desktop and mobile applications. The security issue, which has been dubbed Covert Redirect, can expose all sorts of information.
For OAuth 2.0, these attacks might jeopardize the token&…
Comments are closed.
