Daily Archives: May 15, 2014

Covert Redirect

“Covert Redirect”, publicized in May, 2014, is an instance of attackers using open redirectors – a well-known threat, with well-known means of prevention. The OpenID Connect protocol mandates strict measures that preclude open redirectors to prevent this vulnerability. Please see Section 4.2.4 of RFC 6819 (http://tools.ietf.org/html/rfc6819#section-4.2.4) for more information on […]