The vendor (Google) communicated that "they do not consider open redirects to be a security issue". https://www.google.com/amp/seclists.org/bugtraq/2016/Apr/70 …
it is pretty nasty that, following a legitimate login page, a fake "wrong password" error page can be shown
-
-
the initial click is from external site, so tabnabbing could do the same (modulo timing maybe)
-
I said that :P
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.