The "Covert Redirect" vulnerability in OAuth and OpenID open login

CNET reports that Wang Jing, a mathematics PhD student at Nanyang Technological University in Singapore, has discovered the "Covert Redirect" vulnerability in OAuth and OpenID open login.

A large number of well-known sites are affected, including Tencent QQ, Sina Weibo, Alibaba's Taobao, Alipay, Sohu, NetEase, Renren, Kaixin, Amazon, Microsoft Live, WordPress, eBay, PayPal, Facebook, Google, Yahoo, LinkedIn, VK.com, Mail.Ru, Odnoklassniki.ru and GitHub.

An attacker can use the vulnerability to "dress up" a phishing site: a link that appears to belong to a well-known large website lures the user into logging in to the phishing site, and once the user has logged in and granted authorization there, the attacker can read the private information the user has stored on the site.
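The weakness behind Covert Redirect is on the provider side: an authorization server that accepts any redirect_uri under a registered client's domain lets an open redirect on that domain forward the authorization response elsewhere. The following is an added example, not code from the original post or from any of the affected sites; it contrasts that lax host-based check with a strict exact-match allowlist. The client id, hostnames and URLs are constructed placeholders.

```python
"""
Added example: lax versus strict redirect_uri validation at an OAuth provider.

Covert Redirect works against providers that only check that redirect_uri
lives on a registered client's host.  The defence is to register complete
redirect URIs and compare the requested value against them exactly.
All client ids, hosts and URLs here are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed registration data: the full callback URI(s) each client registered.
REGISTERED_REDIRECTS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def lax_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """The weak pattern: accept any https URL on a registered client's host.

    Any path on that host is allowed, so a redirecting endpoint on the host
    (a 'goto'/'next' style forwarder) passes this check.
    """
    registered_hosts = {
        urlsplit(uri).hostname for uri in REGISTERED_REDIRECTS.get(client_id, ())
    }
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and parts.hostname in registered_hosts


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """The fix: accept only an exact string match against the registered URIs.

    RFC 6749 requires clients to register their redirection endpoints and
    the server to compare the requested value with simple string comparison.
    """
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def evaluate(client_id: str, redirect_uri: str) -> dict:
    """Return how each policy treats one authorization request."""
    return {
        "redirect_uri": redirect_uri,
        "lax_accepts": lax_redirect_check(client_id, redirect_uri),
        "strict_accepts": strict_redirect_check(client_id, redirect_uri),
    }


# Constructed sample requests against the hypothetical client.
SAMPLE_REQUESTS = [
    ("client-123", "https://app.example.com/oauth/callback"),          # registered
    ("client-123", "https://app.example.com/goto?next=https://third-party.example/"),  # same host, forwarder
    ("client-123", "http://app.example.com/oauth/callback"),           # wrong scheme
    ("client-999", "https://app.example.com/oauth/callback"),          # unknown client
]

if __name__ == "__main__":
    for client_id, uri in SAMPLE_REQUESTS:
        print(evaluate(client_id, uri))
```

The second sample request is the shape a defender should look for in authorization-server logs: a redirect_uri on the right host but at an unregistered path that itself forwards the browser onward. The lax policy accepts it and the strict policy rejects it; only the strict policy closes the gap.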

http://tech.ifeng.com/internet/detail_2014_05/03/36130721_0.shtml
