04
May
New Vulnerability in OAuth and OpenID?
in Blog
Comments
I've had a few people ask me about the vulnerability reported on Phys.Org in OpenID and OAuth. This is not inherently a vulnerability in OpenID, but rather a potential way to get information from a website that both implements an open redirect (a big no-no) and OAuth or OpenID. What does this mean? Are are you safe and secure using OAuth and OpenID? The truth is OAuth...
Read More