Covert Redirect Flaw

We are barely over the Heartbleed virus alert and a Singapore student has uncovered a flaw in OAuth 2.0 and OpenID – login tools used by many websites including Google, Facebook and LinkedIn.

It’s called the Covert Redirect Flaw and it allows potential hackers to steal your login credentials when you log in to a website. It’s been getting a lot of attention and some are calling it the next Heartbleed virus.



According to Fast Company, this flaw is different in that it is much more difficult to fix.
Symantec, however, says that this flaw is definitely not as bad as Heartbleed.
Mashable also says: “Don’t believe the hype”.

Bottom line at this point seems to be that yes, a problem exists, but it has been around for a while and most people are aware of it and already mitigate against it, unlike Heartbleed.

About the Author

Guy is the owner of Trusted Technology Inc, a Canadian-based company. With 20+ years' experience, Guy provides managed IT support services to small businesses and non-profits across Canada.
