Covert Redirect - Wikipedia
Covert Redirect is a class of security bugs disclosed in May 2014.[1] It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation.[2]
Covert Redirect is also related to single sign-on. It is well known by its influence on OAuth and OpenID. Covert Redirect was found and dubbed by a mathematics PhD student Wang Jing from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.[3]
After Covert Redirect was published, it is kept in some common databases such as SCIP, OSVDB, Bugtraq, etc. Its scipID is 13185,[4] while OSVDB reference number is 106567.[5] Bugtraq ID: 67196.[6]
https://en.wikipedia.org/wiki/Covert_Redirect
评论
热度 ( 19 )
© IT 计算机&信息网络 技术 | Powered by LOFTER