The vendor (Google) communicated that "they do not consider open redirects to be a security issue". https://www.google.com/amp/seclists.org/bugtraq/2016/Apr/70 …
well, TBF, IMO, this is slightly worse than classic OR, and the "looking at <a href>" part doesn't apply here
-
-
it is pretty nasty that, following a legitimate login page, a fake "wrong password" error page can be shown
-
the initial click is from external site, so tabnabbing could do the same (modulo timing maybe)
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.