[CNET New]Serious security flaw in OAuth, OpenID discovered
Posted: 05 May 2014, 08:30
by niarfman
Hi Nadeo Team,
Are you aware of the security issue concerning OAuth? Is ManiaConnect concerned?
Source:
http://www.cnet.com/news/serious-securi ... discovered
I have configured ManiaConnect with phpBB and I will soon share the source code of my work with the community. I hope there is no risk before ^^
Re: [CNET New]Serious security flaw in OAuth, OpenID discove
Posted: 05 May 2014, 08:37
by Jojo_44
There's no problem with the Maniaplanet Web Service, I think, because they implemented the OAuth 2.0 standard, which means you have to specify the domain of the redirect. And it's not a security problem of OAuth or OpenID; it's because of wrong implementations of Facebook and co to make it easier for developers.
Jojo
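Added example, not part of the original thread and not ManiaConnect code: a minimal sketch of the check described in the post above, where the authorization server only redirects to the host registered for the client. The client id, hosts and function names are hypothetical; a substring comparison is shown beside a comparison on the parsed host.

```python
from urllib.parse import urlsplit

# Constructed registry: client_id -> redirect host the developer registered.
# Hypothetical values, not taken from ManiaConnect or any real provider.
REGISTERED_HOSTS = {"forum-app": "forum.example.org"}


def naive_allowed(client_id: str, redirect_uri: str) -> bool:
    """Weak form: accepts any URI that merely contains the registered host."""
    registered = REGISTERED_HOSTS.get(client_id)
    return registered is not None and registered in redirect_uri


def redirect_allowed(client_id: str, redirect_uri: str) -> bool:
    """Accept redirect_uri only if its parsed host equals the registered host."""
    registered = REGISTERED_HOSTS.get(client_id)
    if registered is None:
        return False  # unknown client: never redirect
    try:
        parts = urlsplit(redirect_uri)
        host = parts.hostname  # already lower-cased by urllib
    except ValueError:
        return False  # malformed authority (e.g. broken IPv6 literal)
    if parts.scheme != "https" or host is None:
        return False
    # Reject userinfo ("user@host"), which can disguise the real host.
    if parts.username is not None or parts.password is not None:
        return False
    return host == registered


if __name__ == "__main__":
    # Constructed sample requests.
    for uri in (
        "https://forum.example.org/oauth/callback",
        "https://forum.example.org.other.example/cb",
        "https://forum.example.org@other.example/cb",
        "http://forum.example.org/oauth/callback",
    ):
        print(uri, naive_allowed("forum-app", uri), redirect_allowed("forum-app", uri))
```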
Re: [CNET New]Serious security flaw in OAuth, OpenID discove
Posted: 05 May 2014, 09:43
by niarfman
I have understood the same, and I hope we are both right.
But maybe others were wondering about that, and the point of view from Nadeo is interesting.

Re: [CNET New]Serious security flaw in OAuth, OpenID discove
Posted: 05 May 2014, 09:46
by gouxim
Jojo_44 wrote: There's no problem [...] you have to specify the domain of the redirect.
True
Jojo_44 wrote: wrong implementations of Facebook and co to make it easier for developers
They aren't actually wrong implementations. The OAuth2 RFC went through lots of drafts, and was pretty much abandoned in the end; each provider implements a different version of the draft.
Edit: there is actually a final version (http://tools.ietf.org/html/rfc6749), so one might say they have wrong implementations.
Re: [CNET New]Serious security flaw in OAuth, OpenID discove
Posted: 05 May 2014, 10:24
by niarfman
Great work from your end
Thanks for your answer