Math student detects OAuth, OpenID security vulnerability

(Phys.org) —To get right to the point, a doctoral candidate in math has discovered two holes in OAuth and OpenID that could leak data and redirect victims to unsafe sites. Friday's tech sites accordingly were buzzing with news of the discovery about a vulnerability in OAuth and OpenID protocols. Be cautious, said the reports, of links that ask you to log in through well known sites such as Facebook and Google. The OAuth 2.0 and OpenID login tools are "used by many websites and tech titans" including Google, Facebook, and Microsoft, among others," said Aloysius Low, writer at CNET Asia and Seth Rosenblatt, who covers Google and security for CNET News.

Read the whole article on Physorg

More from Physorg