
OAuth vulnerability (Wed, Apr 22nd)


My friend Jason Kendall pointed out to me that OAuth has acknowledged the report of a vulnerability. No details on the vulnerability have been announced yet. It is known that Twitter, Yahoo, Google, Netflix and other OAuth providers are all working on the research and mitigation of this vulnerability. We should hear more shortly.
OAuth is an open protocol for API access authorization. Its use allows a user to grant online providers access to specific data belonging to that user. It is commonly used with OpenID, where OpenID provides the authentication and OAuth then gives access to the user's properties and attributes without giving all other information to the provider. One site might need to know the user's name and age while another should only know the user's name and food preference; OAuth allows such disclosure to happen.

URL: http://isc.sans.org/diary.php?storyid=6244&rss
