This new flaw, called Covert Redirect, was first reported by Wang Jing, a PhD student in mathematics at Nanyang Technological University in Singapore. The Covert Redirect flaw is not so easily patched as Heartbleed…
What is the Covert Redirect flaw?
The flaw lets an attacker abuse the "log in with" process of a site that uses OAuth 2.0 or OpenID: the user logs in at the real provider, and the provider then sends the browser, together with the user's access token or authorization code, to a redirect on the third-party site that forwards it on to an attacker-controlled site. This is more dangerous than ordinary phishing. Instead of a realistic but recognisable fake domain, the user sees and authenticates on the genuine login page of the real provider, and it is that real site that hands the credentials to the attacker's redirect.
What is OAuth and OpenID?
OAuth 2.0 and OpenID are two open standards that let a user sign in to, or grant access to, a third-party website using an account held at a provider such as Facebook, instead of creating a separate username and password for every site. The third-party site never sees the password: the user logs in at the provider, and the provider redirects the browser back to the third-party site with a token or code. This avoids the user having to remember a different username and password pair for every website they have registered on.
Unlike the Heartbleed bug, which is being patched quickly, there is no easy or fast way to fix this problem. Facebook and the other affected companies are aware of it and working on it, but have given no clear indication of when it will be fixed. Microsoft said it had looked into the issue and found it to be a problem in third-party applications rather than something it had control over.
“The patch of this vulnerability is easier said than done,” Wang wrote on his website. “If all the third-party applications strictly adhere to using a whitelist, then there would be no room for attacks. However, in the real world, a large number of third-party applications do not do this due to various reasons. This makes the systems based on OAuth 2.0 or OpenID highly vulnerable.”
What is the solution to the Covert Redirect flaw?
The fix is a ‘whitelist’ (allowlist) on the redirect: the third-party application only forwards the browser to destinations it has explicitly approved, checked by exact match rather than by domain or prefix, so a crafted redirect parameter cannot send the user, and the token, to an untrusted site. The provider can add a second layer by accepting only redirect URIs that exactly match the ones the application registered. The difficulty, as Wang notes above, is that this has to be done correctly by every third-party application rather than once by the provider.
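The following is an added example, not code from the original article or from the researcher, that simulates both the attack described under "What is the Covert Redirect flaw?" and the allowlist fix described here. It models a hypothetical provider that checks only the domain of redirect_uri, a third-party app with an open redirect driven by a constructed next= parameter, and the browser rule that a URL fragment survives a 3xx redirect (RFC 7231 section 7.1.2), which is how an implicit-flow token ends up at the attacker. All host names, paths, parameter names and token values are constructed.

```python
# Added example (not the article's or the researcher's code): Covert Redirect
# simulation plus the allowlist fix. Every host, path, parameter name and token
# value below is constructed for illustration.
from urllib.parse import urlsplit, urlunsplit, urljoin, parse_qs, urlencode

# --- Hypothetical OAuth 2.0 provider -----------------------------------------
# Loose check: redirect_uri only has to be on the client's registered domain.
# This is what lets an open redirect on the client turn into token theft.
REGISTERED_CLIENT_HOST = "app.example"                           # constructed
REGISTERED_REDIRECT_URI = "https://app.example/oauth/callback"   # constructed


def provider_authorize(redirect_uri, token, strict=False):
    """Return the URL the provider sends the browser to after the user logs in.
    Implicit flow: the access token travels in the URL fragment."""
    parts = urlsplit(redirect_uri)
    if strict:
        # Hardened provider: exact string match against the registered URI.
        if redirect_uri != REGISTERED_REDIRECT_URI:
            raise ValueError("redirect_uri is not exactly a registered URI")
    elif parts.scheme != "https" or parts.netloc != REGISTERED_CLIENT_HOST:
        raise ValueError("redirect_uri is not on the registered client domain")
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query,
                       urlencode({"access_token": token})))


# --- Browser behaviour the attack relies on ----------------------------------
def browser_follow_redirect(current_url, location):
    """RFC 7231 s7.1.2: if a 3xx Location has no fragment, the user agent keeps
    the fragment of the URL it was redirected from, so #access_token=... rides
    along to wherever the client sends the browser next."""
    cur = urlsplit(current_url)
    loc = urlsplit(urljoin(current_url, location))   # resolve relative Location
    if loc.fragment == "" and cur.fragment != "":
        loc = loc._replace(fragment=cur.fragment)
    return urlunsplit(loc)


# --- Third-party client: vulnerable and hardened redirect endpoints ----------
def client_redirect_vulnerable(url):
    """Open redirect: sends the browser wherever the constructed ?next= says."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("next", ["/"])[0]


ALLOWED_NEXT = {"/", "/dashboard", "/settings"}   # constructed allowlist


def client_redirect_safe(url):
    """Allowlist check: only exact, pre-approved local paths are honoured.
    Absolute URLs and scheme-relative //host targets fall through to '/'."""
    qs = parse_qs(urlsplit(url).query)
    target = qs.get("next", ["/"])[0]
    return target if target in ALLOWED_NEXT else "/"


# --- The attack, end to end --------------------------------------------------
def run_attack(client_redirect, strict_provider=False):
    """Attacker-crafted authorization request: redirect_uri is on the real
    client's domain (so the loose provider accepts it) but carries
    ?next=<attacker>. Returns the URL the browser finally lands on, or None
    if the provider refused the request."""
    attacker = "https://attacker.example/collect"                 # constructed
    crafted_redirect_uri = REGISTERED_REDIRECT_URI + "?" + urlencode({"next": attacker})
    try:
        after_login = provider_authorize(crafted_redirect_uri, "tok_constructed_123",
                                         strict=strict_provider)
    except ValueError:
        return None
    location = client_redirect(after_login)       # what the client's 302 says
    return browser_follow_redirect(after_login, location)


def landed_host(url):
    """Host the browser ends up on (None if the provider refused)."""
    return urlsplit(url).netloc if url else None


if __name__ == "__main__":
    print("vulnerable client :", run_attack(client_redirect_vulnerable))
    print("allowlisted client:", run_attack(client_redirect_safe))
    print("strict provider   :", run_attack(client_redirect_vulnerable, strict_provider=True))
```

Run it as a script to see the three outcomes side by side: with the open redirect the token lands on attacker.example, with the allowlist it stays on app.example, and with exact redirect_uri matching at the provider the crafted request is refused before any login happens. The allowlist is deliberately a set of local paths compared by exact match; substring or prefix checks on a hostname are exactly the kind of "whitelist" that still lets an attacker-controlled target through.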