Covert Redirect, a heavier OAuth flaw than Heartbleed

Recently, a new vulnerability in OAuth has been reported. Security specialists have assessed this flaw, known as Covert Redirect. It has been conflated with the Heartbleed vulnerability. Heartbleed was a security breach that had administrators scrambling to fix the mess it caused on their websites. Wang Jing, a PhD…


OAuth, OpenID vulnerability discovered

Beware of links that ask you to log in through Facebook. The OAuth 2.0 and OpenID modules are vulnerable. Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the holes have been found in the login tools…
