Covert Redirect Vulnerability


#1

Will Twitter API be issuing a statement or blog post related to the Covert Redirect Vulnerability?

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

This is focused on OAuth2 (and OpenID) and I know that Twitter API uses OAuth 1.0A as its primary means of authorization. However, I’m most curious about Application-Only authorization. Are Twitter API apps secure? Under what conditions? Are there any actions in particular that we should take to avoid the vulnerability?

@JoeMayo