tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

This page describes the Covert Redirect vulnerability of OAuth 2.0 and OpenID. It details the importance of the OAuth 2.0 and OpenID Covert Redirect vulnerability. The vulnerability may lead to information leakage and Open Redirect vulnerabilities affecting related OAuth 2.0 and OpenID providers such as Facebook, Google, Yahoo, LinkedIn, Taobao, QQ, Weibo, VK.com, Mail.Ru, 163, Sohu, Sina, Kaixin and so on. The vulnerability is hard to patch, since it is related to third-party applications.

This page introduces the Covert Redirect vulnerability of OAuth 2.0 and OpenID. The page describes in detail the importance of OAuth 2.0 and OpenID Covert Redirect. This vulnerability can lead to information leakage and URL redirection at OAuth 2.0 and OpenID providers; these companies include Facebook, Google, Yahoo, Weibo, Tencent, Taobao, NetEase, Sohu, Sina, Kaixin, Renren, ВКонтакте, Mail.Ru Group, Alipay...

