Looking for the Next Heartbleed in all the Wrong Places | Linux Today

Looking for the Next Heartbleed in all the Wrong Places

Written By
SMK
Sean Michael Kerner
May 6, 2014

With the ‘Covert Redirect’ flaw the basic premise of the attack is to take advantage of a previously-known mis-configuration issue in OAuth and OpenID. One of the most succinct comments about why Covert Redirect is not the same Heartbleed was published by security vendor Symantec in a blog post on May 3.

“The Heartbleed vulnerability could be exploited just by issuing requests to unpatched servers,” Symantec stated. “Covert Redirect, however, requires an attacker to find a susceptible application as well as acquire interaction and permissions from users.”

SMK

Sean Michael Kerner

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.