
Covert Redirect Security vulnerability related to OAuth 2.0 and OpenID

admin
03 Dec 2019

A serious Covert Redirect security vulnerability related to OAuth 2.0 and OpenID has been found. Almost all major providers of OAuth 2.0 and OpenID are affected, including Facebook, Google, Yahoo, LinkedIn, Microsoft, PayPal, GitHub, QQ, Taobao, Weibo, VK, Mail.Ru, Sohu and others. The vulnerability lies in the redirections these providers perform to third-party applications.

It could lead to Open Redirect attacks against both clients and providers of OAuth 2.0 or OpenID.

For OAuth 2.0, these attacks might expose the site users' token, which could then be used to access user information. In the case of Facebook, this information could include basic profile data such as email address, age, locale and work history. If the token carries greater privilege (the user must have consented to it in the first place), the attacker could obtain more sensitive information, such as the mailbox, friends list and online presence, and could even act on the account on the user's behalf.

For OpenID, attackers may obtain the user's information directly. Given the large number of companies involved, the consequences could be severe if the vulnerability is left unresolved.
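The weak point described above is the provider's check of the redirect target. The following is an added example (not code from the original post or from any of the named providers) of the permissive domain-prefix check that Covert Redirect abuses, beside the exact-match check that closes it, plus a small detection aid for authorization requests whose redirect_uri smuggles a second URL. The client name client.example, its callback path and the sample request are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed registration data for a hypothetical OAuth 2.0 client;
# none of these names appear in the original post.
REGISTERED_REDIRECT_URIS = {
    "https://client.example/oauth/callback",
}

# Constructed authorization request: redirect_uri points at an open
# redirector on the client's own domain instead of its registered callback.
SAMPLE_CHAINED = ("https://client.example/redirect"
                  "?next=https%3A%2F%2Fattacker.example%2Fcollect")


def lax_redirect_uri_ok(redirect_uri: str) -> bool:
    """Permissive check: anything under the client's domain is accepted.
    This is the validation style Covert Redirect abuses: any open redirector
    on client.example becomes an acceptable target, and with the implicit
    flow the token in the URL fragment survives the onward 302."""
    return redirect_uri.startswith("https://client.example/")


def strict_redirect_uri_ok(redirect_uri: str) -> bool:
    """Hardened check: exact string match against the registered callbacks."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


def embedded_url_params(redirect_uri: str) -> list:
    """Detection aid: names of query parameters whose value is itself an
    absolute http(s) URL. A redirect_uri carrying another URL is the
    signature of an open redirect chained onto the OAuth flow."""
    query = parse_qs(urlparse(redirect_uri).query)
    return sorted(
        name for name, values in query.items()
        if any(urlparse(v).scheme in ("http", "https") and urlparse(v).netloc
               for v in values)
    )


def handle_authorization_request(params: dict) -> dict:
    """Authorization-endpoint decision: a request that fails the strict
    check is answered with an error page and is never redirected, so no
    code or token leaves the provider via the bad URI."""
    uri = params.get("redirect_uri", "")
    if not strict_redirect_uri_ok(uri):
        return {"action": "show_error", "reason": "invalid_redirect_uri",
                "suspicious_params": embedded_url_params(uri)}
    return {"action": "redirect", "to": uri}
```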

The vulnerability was found by WANG Jing (@justqdjing), a PhD student in the Division of Mathematical Sciences (MAS) of the School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

http://securityrelated.blogspo....t.com/2014/10/covert
https://twitter.com/justqdjing

