A security flaw involving the redirect parameter of OpenID and OAuth 2.0 may allow attackers to obtain user data. The two open standards let users log into a website with credentials from another site, but this ability must be secured to avoid creating an "open redirector" that can be used to send the user to an attacker's location, writes Patricio Robles.

Full Story: Programmable Web
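An added example, not taken from the summarized article: one way a provider can keep the redirect parameter from becoming an open redirector is to accept only exact matches against the URIs registered for the client, shown here beside a loose prefix check for contrast. The client ID, the registration table and all URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registration table (assumption): client_id -> registered redirect URIs.
REGISTERED = {"example-client": {"https://app.example.com/oauth/callback"}}

def prefix_check(client_id: str, redirect_uri: str) -> bool:
    """Loose check, for contrast: accepts anything that starts with a registered origin."""
    for reg in REGISTERED.get(client_id, ()):
        parts = urlsplit(reg)
        if redirect_uri.startswith(f"{parts.scheme}://{parts.netloc}"):
            return True
    return False

def strict_check(client_id: str, redirect_uri: str) -> bool:
    """Exact-match check: the URI must equal a registered value, character for character."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:          # malformed authority, e.g. an unterminated IPv6 literal
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    # Userinfo and fragments have no place in a callback URI; reject them outright.
    if parts.username or parts.password or parts.fragment:
        return False
    return redirect_uri in REGISTERED.get(client_id, set())

def redirect_target(client_id: str, redirect_uri: str):
    """Return the URI to redirect to, or None so the caller renders an error page instead."""
    return redirect_uri if strict_check(client_id, redirect_uri) else None

# Constructed sample requests: one registered URI and three that are not.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com.attacker.example/cb",
    "https://app.example.com@attacker.example/cb",
    "https://app.example.com/oauth/callback?next=https://attacker.example/",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"prefix={prefix_check('example-client', uri)!s:5} "
              f"strict={strict_check('example-client', uri)!s:5} {uri}")
```

When the check fails, the provider should show an error to the user rather than redirecting anywhere, since the destination is exactly what could not be trusted.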
