A newly reported flaw in open-source authorization services has been named Covert Redirect. The flaw affects OAuth 2.0 and OpenID, tools that allow users to sign in to certain online services using an existing identity from other sites, such as Facebook, Google and Yahoo. Security experts say this newly identified bug doesn’t appear to pose as big a risk as Heartbleed. Still, sites that rely on OAuth and OpenID need to make their users aware of the potential risks.
Source: https://www.govinfosecurity.com/covert-redirect-flaw-big-deal-a-6813

