A security flaw in the OAuth and OpenID online login protocols has been revealed that could lead to personal information being released to hackers. The bug, named “Covert Redirect,” allows hackers to present a false pop-up window. If an attacker takes advantage of the Covert Redirect bug, you will typically be shown an impostor window asking you to authorize an application for a website. The attacker will use this impostor log-in pop-up to steal confidential information, such as your email address or password. Best practice dictates that to protect your personal information you should close all suspicious pop-up tabs that ask for login information.
For more information, read this article from Yahoo.
At CapLinked, the protection of your sensitive information is of the utmost importance. CapLinked does not use OAuth or OpenID, and as a result your login information is protected from Covert Redirect. Learn about all of CapLinked security measures on CapLinked’s security page.
If you’d like to learn more about what CapLinked can do for you, schedule a demo today.