Friday, May 9, 2014

After OpenSSL, now we have an OAuth and OpenID flaw


A good time for all organizations using open source to contribute to OpenAudit to keep them safe and secure.


According to the article:

For example, someone clicking on a malicious phishing link will get a popup window in Facebook, asking them to authorize the app. Instead of using a fake domain name that's similar to trick users, the Covert Redirect flaw uses the real site address for authentication.

If a user chooses to authorize the login, personal data (depending on what is being asked for) will be released to the attacker instead of to the legitimate website. This can range from email addresses, birth dates, and contact lists to possibly even control of the account.

Regardless of whether the victim chooses to authorize the app, he or she will then get redirected to a website of the attacker's choice, which could potentially further compromise the victim.
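The quoted description boils down to one server-side check: whether the authorization server accepts a `redirect_uri` that merely lives on the registered site's domain (so a redirector on that domain can forward the token elsewhere) or insists on an exact match with a registered callback. The following is an added example written for this post, not code from the article or from any OAuth provider; the client id, registered callback, and the `authorize_request` helper are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registry: redirect URIs that a client registered with
# the authorization server when it was created.
REGISTERED_REDIRECT_URIS = {
    "client-123": ["https://app.example.com/oauth/callback"],
}

# Constructed sample of the kind of URI the article describes: the real
# site's hostname, but a path that forwards the browser somewhere else.
ATTACKER_REDIRECT = "https://app.example.com/redirect?next=https://attacker.example/"


def weak_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Host-only comparison. This is the weakness the article describes:
    every path on the registered host is accepted, so a redirector on that
    host passes and the token ends up wherever it forwards."""
    allowed_hosts = {
        urlsplit(uri).hostname for uri in REGISTERED_REDIRECT_URIS.get(client_id, [])
    }
    return urlsplit(redirect_uri).hostname in allowed_hosts


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison against the registered URIs, the behaviour the
    OAuth 2.0 Security Best Current Practice recommends. No prefix or
    host-only matching, so a redirector on the same host is rejected."""
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, [])


def authorize_request(client_id: str, redirect_uri: str, check=strict_redirect_check):
    """Hypothetical authorization-endpoint decision. Returns ("redirect", uri)
    when the callback is acceptable and ("error", reason) otherwise. On an
    invalid redirect_uri the server must show its own error page rather than
    redirecting to the supplied URI, which is what RFC 6749 requires."""
    if client_id not in REGISTERED_REDIRECT_URIS:
        return ("error", "unknown client")
    if not check(client_id, redirect_uri):
        return ("error", "redirect_uri does not match a registered callback")
    return ("redirect", redirect_uri)


if __name__ == "__main__":
    for name, check in (("host-only", weak_redirect_check), ("exact", strict_redirect_check)):
        print(name, authorize_request("client-123", ATTACKER_REDIRECT, check))
    print("exact", authorize_request("client-123", "https://app.example.com/oauth/callback"))
```

Running the block shows the host-only check handing the authorization response to the forwarding URL while the exact-match check refuses it and never redirects; the legitimate registered callback is accepted by both.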

The link below has more information:
