
OpenID Warns of Serious Bugs in Some Implementations


Amid the fallout from the latest bungled password service kerfuffle at LastPass comes a warning from the OpenID Foundation about a critically serious flaw that leaves certain deployments of the product open to a certain level of inter-process data poisoning. More below…
Via Dennis Fisher at the Kaspersky Lab Threatpost blog: “OpenID Warns of Serious Bugs in Some Implementations”
“The OpenID Foundation is warning users about a weakness in the software that could enable an attacker to change some of the data that’s exchanged between parties that use OpenID. The group is telling sites that implement OpenID to update to a new version in order to fix the problem. The bug in OpenID lies in the way that the system’s Attribute Exchange, an extension to the OpenID system that gives sites the ability to exchange identity information between endpoints. OpenID, an open source project that enables users to prove their identity to myriad sites without providing their password, is used by a slew of popular sites, including Google, Yahoo and Flickr…”
