OAuth 2.0 and OpenID Open Redirect

2014.05.04

Credit: tetraph

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-601

OAuth 2.0 and OpenID have serious Covert Redirect vulnerability. It could lead to Open Redirect Attacks to both clients and providers of OAuth 2.0 or OpenID.
For OAuth 2.0, these attacks might jeopardize &#8220;the token&#8221; of the site users, which could be used to access user information. In the case of Facebook, the information could include the basic ones, such as email address, age, locale, work history, etc. If &#8220;the token&#8221; has greater privilege (the user needs to consent in the first place though), the attacker could obtain more sensitive information, such as mailbox, friends list and online presence, and even operate the account on the user's behalf.
For OpenID, the attackers may get user's information directly. Compounded by the large number of companies involved, this vulnerability could lead to huge consequences if left unresolved.
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

References:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OAuth 2.0 and OpenID Open Redirect

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.