Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected
Just a short notice rather than a real article; the full story will follow later (I need to check the facts). Several sources are posting about a recently discovered, hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, used by lots of AAA-level sites, from PayPal to Facebook.
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
(German) zdnet – Schwere Sicherheitslücke in OAuth und OpenID entdeckt
Huge info page by Wang Jing, the guy who discovered the bug:
YouTube channel (of Wang Jing), showing reproducible examples (on Facebook, LinkedIn and Google):
Reproducible examples (taken from the above YouTube channel)