
Serious security flaw in OAuth, OpenID discovered


I don't really see this as akin to the Heartbleed bug, or even serious. That was something you could exploit against anyone from anywhere.

This is no different than a hacked website plus abusing the very notion of using a 3rd-party login. Also, it's not as big of a deal as the article makes it look. Things like Facebook Login work on whitelisted domains. Many of the 3rd-party connect systems use callbacks that are set in their application settings rather than taken from the connection source (your server). That negates the issue of sending the info to the wrong place in the first place. Though, if your site is already hacked, then you're screwed anyway. The problem is far too generalized and appears to be a problem, but most of these services already have one type of solution or the other in place.

It's not a technical flaw, but the very essence of allowing someone else to access your data via connect-like systems.
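As an added illustration of the callback point in the post above (this is example code, not from the thread or from any of the providers it mentions): how an authorization server can check a client's requested redirect_uri against the callbacks registered in the application settings. The registered URL and the hostnames are constructed for the example. The exact-match form is what RFC 6749 prescribes when a full redirection URI was registered (simple string comparison); the domain-only form shows what a looser, host-level whitelist would still accept.

```python
from urllib.parse import urlparse, urlunparse

# Constructed sample: callbacks registered in the application settings
# of a hypothetical OAuth client. Real providers keep these server-side,
# so a compromised client site cannot change them per request.
REGISTERED_CALLBACKS = {
    "https://app.example.com/oauth/callback",
}


def normalize(url):
    """Lower-case scheme and host, drop any fragment; path and query are kept as-is."""
    p = urlparse(url)
    return urlunparse((p.scheme.lower(), p.netloc.lower(), p.path, p.params, p.query, ""))


def domain_only_match(redirect_uri, registered=REGISTERED_CALLBACKS):
    """Looser check: accept any https URL whose host equals a registered callback's host.

    This is the kind of whitelist that still lets the token be sent to any path on
    the registered host, not just to the callback the application actually registered.
    """
    p = urlparse(redirect_uri)
    if p.scheme.lower() != "https" or p.fragment:
        return False
    hosts = {urlparse(r).netloc.lower() for r in registered}
    return p.netloc.lower() in hosts


def exact_match(redirect_uri, registered=REGISTERED_CALLBACKS):
    """Stricter check: the requested URI must equal a registered callback after normalization.

    Any extra path segment or query parameter makes the comparison fail, which is the
    simple string comparison RFC 6749 calls for when a full URI was registered.
    """
    p = urlparse(redirect_uri)
    if p.scheme.lower() != "https" or p.fragment:
        return False
    return normalize(redirect_uri) in {normalize(r) for r in registered}


def decide(redirect_uri):
    """Return (domain_only, exact) so both policies can be compared on one input."""
    return domain_only_match(redirect_uri), exact_match(redirect_uri)


if __name__ == "__main__":
    # Constructed inputs: the registered callback, another page on the same host,
    # a different host, and a plain-http variant of the registered callback.
    for uri in (
        "https://app.example.com/oauth/callback",
        "https://app.example.com/some/other/page?next=x",
        "https://other.example.net/oauth/callback",
        "http://app.example.com/oauth/callback",
    ):
        print(uri, decide(uri))
```

The second constructed input is the case worth looking at: a host-level whitelist passes it, an exact match rejects it. Registering the full callback URI and comparing it as a string is the setting that makes the "callbacks are set in the application settings" defence in the post actually hold.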
