Microsoft Live Online Service OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

(1) Domain: live.com

(2) Vulnerability Description: The Live web application has a computer security problem. Hackers can exploit it through Covert Redirect cyber attacks. The vulnerabilities can be exploited without user login. Tests were performed on Microsoft …
OAuth and OpenID Users Threatened by New Security Flaw, Covert Redirect

A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed “Covert Redirect” by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID. Both standards are employed across the Internet to …