Security flaw in OAuth and OpenID
Nic last edited by
Seems like a biggie, especially since they are saying they won't/can't fix it.
scottalanmiller last edited by
Wow! That's crazy.
david.wiese last edited by
Everything I read so far is saying that people have tried alerting Google and Facebook but they aren't responding. Why don't people respond to glaring security holes?
Dashrender last edited by
It just seems hopeless sometimes.
jasonh last edited by
I've always shied away from the option to "Login with your [Facebook/Twitter/LinkedIn/etc] Account", mainly because of privacy concerns, but also because I've heard of design flaws with the OAuth and OpenID systems (mainly from listening to Steve Gibson's podcast).