Covert Redirect – Wikipedia

Covert Redirect – Wikipedia

Covert Redirect is a class of security bugs disclosed in May 2014.^[1] It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation.^[2]

Covert Redirect is also related to single sign-on. It is well known by its influence on OAuthand OpenID. Covert Redirect was found and dubbed by a mathematics PhD student Wang Jing from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.^[3]

After Covert Redirect was published, it is kept in some common databases such as SCIP,OSVDB, Bugtraq, etc. Its scipID is 13185,^[4] while OSVDB reference number is 106567.^[5]Bugtraq ID: 67196.^[6]

https://en.wikipedia.org/wiki/Covert_Redirect#cite_note-TechTarget-3