Covert Redirect is a security flaw in the open authorization standards OAuth and OpenID that is menacing the IT industry. The vulnerability can masquerade as a login popup based on an affected site's domain. Facebook replied that fixing this bug is something that can't be accomplished in the short term and that, short of forcing every single application on the platform to use a whitelist, fixing it is difficult.
Source: https://securityaffairs.co/wordpress/24585/intelligence/covert-redirect-oauth-openid.html
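
The whitelist mentioned above, sketched as an added example that is not part of the original article: an authorization server that accepts a `redirect_uri` only when it exactly equals one the application registered, shown beside a looser check that matches on the site's domain alone. The client ID, URIs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registration data: client_id -> exact redirect URIs the app registered.
REGISTERED = {
    "client-123": {"https://app.example/oauth/callback"},
}


def domain_match(client_id: str, redirect_uri: str) -> bool:
    """Loose check: any URL on a registered host is accepted."""
    host = urlsplit(redirect_uri).hostname
    return any(urlsplit(u).hostname == host for u in REGISTERED.get(client_id, ()))


def exact_match(client_id: str, redirect_uri: str) -> bool:
    """Whitelist check: the whole URI must equal a registered one, over HTTPS."""
    if urlsplit(redirect_uri).scheme != "https":
        return False
    return redirect_uri in REGISTERED.get(client_id, set())


# Constructed sample requests.
SAMPLES = [
    "https://app.example/oauth/callback",                 # the registered callback
    "https://app.example/go?url=https://other.example/",  # another page on the same domain
    "https://app.example/oauth/callback/../go",           # path that only starts like the callback
    "https://other.example/oauth/callback",               # different domain
]


def compare(client_id: str = "client-123"):
    """Return (uri, loose_result, whitelist_result) for each sample."""
    return [(u, domain_match(client_id, u), exact_match(client_id, u)) for u in SAMPLES]


if __name__ == "__main__":
    for uri, loose, strict in compare():
        print(f"{uri}\n  domain-only: {loose}  whitelist: {strict}")
```

The domain-only check accepts every URL on the application's own site, which is why the response can end up on a page other than the intended callback; the exact-match check accepts only the registered callback.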

