The Hacker News
After #Heartbleed, Nasty Covert Redirect #Vulnerability found in OAuth and OpenID http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html

Image/photo

The Hacker News | Biggest Information Security Channel: Nasty Covert Redirect Vulnerability found in OAuth and OpenID (Swati Khandelwal)

After Heartbleed bug, a security flaw in widely used open-source software OpenSSL that puts countless websites at risk, another vulnerability has been found in popular authentication software OpenID and authorization software OAuth. Wang Jing, a Chinese mathematics Ph.D student at the Nanyang Technological University in Singapore, found that the OAuth and OpenID open source login tools are vulnerable to the " Covert Redirect" exploit.
#heartbleed #vulnerability