A student from Singapore has discovered a bug in OAuth 2.0 and OpenID. By the bug, hackers can data of users of Google, Facebook and Microsoft to steal. This is possible by mimicking inlogschermen.
Among the companies that use OAuth 2.0 and OpenID include Facebook, Google, LinkedIn and Microsoft. The student to Cnet know that the problem is because Google is being investigated and that LinkedIn will soon be a blog release about the bug. Microsoft had the bug been investigated and no action. The company found out that the bug does not appear on its own web sites but only on those of third parties.
Comments
(40)