HOT LINE 1654

Alerts

Vulnerability at OAuth 2.0 and OpenID technologies poses a threat to your social network accounts

06 May 2014

A serious "Covert Redirect" vulnerability affecting implementations of OAuth 2.0 and OpenID lets an attacker capture information from your social network accounts and redirect you to malicious sites. Almost all major OAuth 2.0 and OpenID providers are affected, including Facebook, Google, Yahoo, LinkedIn, Microsoft, PayPal, GitHub, QQ, Taobao, Weibo, VK, Mail.Ru and Sohu. Through this bug an attacker can directly obtain a user's personal information, such as e-mail address, age and home address. The attacker may also obtain more sensitive data, such as mailbox contents, friends list and online presence, and may even act on the account on the user's behalf. For example, when you visit a site and click "Connect with Google+" or "Connect with Facebook", a new window opens; this sign-in process is carried out through the OAuth protocol. "Covert Redirect" allows the attacker to obtain your information from your account during that process. Note that this bug can also send you to a different, look-alike site that asks for access to your social accounts, which can likewise lead to theft of your information.
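The flaw described above arises when a provider accepts any redirect target on a registered client's domain instead of only the exact callback URL that was registered, so an open redirector on the client's own site can forward the login response elsewhere. The following added example (not code from the advisory or from any of the named providers) contrasts that permissive domain-level check with the exact-match check a provider should apply; the client ID, the registered callback URL and the sample redirect URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registry: each client ID maps to the exact callback URIs it
# registered with the authorization server. The values are hypothetical.
REGISTERED_REDIRECTS = {
    "example-client": {"https://client.example/oauth/callback"},
}

def _registered_hosts(client_id):
    """Hosts of all URIs registered for a client (helper for the weak check)."""
    return {urlsplit(uri).netloc for uri in REGISTERED_REDIRECTS.get(client_id, ())}

def permissive_redirect_ok(client_id, redirect_uri):
    """Weak check: accept any HTTPS URI whose host matches a registered host.

    This is the kind of validation that makes Covert Redirect possible: any
    path on the client's host is accepted, including a page that forwards the
    browser to an arbitrary third-party URL.
    """
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and parts.netloc in _registered_hosts(client_id)

def strict_redirect_ok(client_id, redirect_uri):
    """Exact-match check: only a pre-registered URI is accepted, byte for byte.

    No host-, prefix- or pattern-matching is performed, so a redirector page on
    the client's domain is rejected unless it was itself registered.
    """
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, ())

def evaluate(client_id, redirect_uri):
    """Return the verdict of both checks for one authorization request."""
    return {
        "permissive": permissive_redirect_ok(client_id, redirect_uri),
        "strict": strict_redirect_ok(client_id, redirect_uri),
    }

if __name__ == "__main__":
    # Constructed sample requests: the registered callback, a forwarding page
    # on the same host, and an unrelated host.
    samples = [
        "https://client.example/oauth/callback",
        "https://client.example/go?next=https://third-party.example/",
        "https://third-party.example/oauth/callback",
    ]
    for uri in samples:
        print(uri, evaluate("example-client", uri))
```

Only the first sample passes the strict check; the second passes the permissive check even though it points at a forwarding page, which is exactly the gap the advisory describes. Providers that must support several callback URLs should register each one explicitly rather than relaxing the comparison.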
*OAuth - an open authorization protocol. It lets a user grant access to protected resources without handing over a login and password.

**OpenID – an open standard for decentralized authentication. It allows a user to create a single account and use it to sign in to unrelated internet resources.