CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Dark Reading

'Log in with...' Feature Allows Full Online Account Takeover for Millions

Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens ...
Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...
Ars Technica

Compromising Twitter’s OAuth security system

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...
Computer Weekly

Salt Labs identifies OAuth security flaw within Booking.com

Critical security flaws in Booking.com’s implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people’s sensitive ...
ZDNet

Covert Redirect mostly hype and certainly no Heartbleed

A researcher's contention of security flaws in OAuth and OpenID has serious flaws of its own, according to those familiar with the specifications. News of the security issues hit hard Friday claiming ...