Covert Redirect – Wikipedia

Web Technology Wire

Covert Redirect is a class of security bugs disclosed in May 2014.[1] It arises when an application takes a parameter and redirects a user to the parameter value without sufficient validation.[2]


Covert Redirect is also related to single sign-on, and it is well known for its influence on OAuth and OpenID. It was found and named by Wang Jing, a mathematics PhD student at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.[3]

After Covert Redirect was published, it was recorded in several common databases, such as SCIP, OSVDB and Bugtraq. Its scipID is 13185,[4] its OSVDB reference number is 106567,[5] and its Bugtraq ID is 67196.[6]
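
The definition above (an application that redirects a user to a parameter value without sufficient validation) can be made concrete with an added example, which is not part of the original article: a substring check on the redirect parameter beside a check that parses the URL and requires an exact allowlisted host. The host names, the allowlist, the https-only rule and the function names are assumptions made for illustration, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
DEFAULT_TARGET = "https://app.example.com/"

def weak_is_allowed(target):
    """Insufficient validation: substring match on the raw parameter value."""
    return "example.com" in target

def strict_is_allowed(target):
    """Parse the value, then require https and an exact allowlisted host."""
    # Reject characters that browsers and URL parsers treat differently.
    if target != target.strip() or any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo before '@' hides the real host
    return parts.hostname in ALLOWED_HOSTS

def redirect_target(param):
    """Return the value to put in the Location header."""
    return param if strict_is_allowed(param) else DEFAULT_TARGET

# Constructed sample values for the redirect parameter.
SAMPLES = [
    "https://app.example.com/home",
    "https://app.example.com.other.example.net/",
    "https://other.example.net/?ref=example.com",
    "https://app.example.com@other.example.net/",
    "//other.example.net/example.com",
    "http://app.example.com/",
]

def compare(samples=SAMPLES):
    """Return (value, weak verdict, strict verdict) for each sample."""
    return [(s, weak_is_allowed(s), strict_is_allowed(s)) for s in samples]

if __name__ == "__main__":
    for value, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {value}")
```

Every sample passes the substring check, while only the first passes the parsed check; anything rejected falls back to the fixed default target instead of being echoed into the redirect.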
