Coming off the heels of the Heartbleed bug, a new report on a security flaw called “Covert Redirect” is garnering a lot of media attention—so much that some outlets are referring to it as the next Heartbleed. But is Covert Redirect as bad as Heartbleed? Definitely not.
Is this the next Heartbleed?
No, it is not. This is a security flaw in the implementation of OAuth by service providers.
Why is Covert Redirect not as bad as Heartbleed?
Heartbleed is a serious vulnerability within OpenSSL, an open source implementation of the SSL and TLS cryptographic protocols used by over a half a million websites. The Heartbleed vulnerability could be exploited just by issuing requests to unpatched servers. Covert Redirect, however, requires an attacker to find a susceptible application as well as...