Singapore student has discovered a serious vulnerability in OAuth and OpenID

Following Heartbleed, the "hole" in OpenSSL that has been written about repeatedly, there are reports of another vulnerability that can seriously affect many users on the Internet. This time the issue is in OAuth 2.0 and OpenID, popular authorization and authentication protocols used by, among others, the services of IT industry giants such as Facebook, Microsoft, LinkedIn and Google. It was found by a Singaporean mathematics student named Wang Jing.
Image: a sample list of services affected by the vulnerability
The student, from the faculty of mathematics at Nanyang Technological University in Singapore, found a way for hackers to intercept users' personal data by redirecting them to a specially created site after login. The issue is the so-called "covert redirect" (Covert Redirect), a well-known method frequently used by hackers in which the user is deceived into visiting a malicious network resource that steals personal information (including logins).
Say you are invited to click on a link, after which a pop-up box asks for a user name and password for authorization. The entered data, of course, goes to the attackers, who can use it, for example, to send spam from your account. Note that the covert redirect method uses the real addresses of sites for authorization, so unsuspecting users may share e-mail addresses and other data with a malicious party. According to the student, Facebook, Google, LinkedIn, and Microsoft are aware of the problem.
