May 2, 2014 in Classic self-hosted technical help
Here we go again...
I don't really see this akin to heartbleed bug, or even serious. That was something you can exploit vs anyone from anywhere.
This is no different than a hacked website + abusing the very notion of using a 3rd party login. Also, it's not as big of a deal as the article makes it look like. Things like facebook login works on a whitelist domain. Many of the 3rd party connect uses callbacks that are set on their application setting rather than the connection source (your server). It negates the issues of sending the info to the wrong place in the first place. Though, if your site is already hacked, then you're screwed anyway. The problem is far too generalized and appears as a problem but most of these services have one type of solution or the other already in place.
It's a not a technical flaw, but the very essence of allowing someone else to access your data via connect-like systems.
This topic is now archived and is closed to further replies.
Started September 18
Started September 8
Started 13 hours ago