Cliqset and OAuth

Yesterday, information came to light about a security vulnerability in OAuth. While we believe that the severity of the vulnerability is medium at best, the possibility does exist that an attacker could leverage it to gain access to an unsuspecting user’s OAuth-protected resources.

Maintaining the integrity of Cliqset user data is our top priority, so while our analysis has concluded that no Cliqset user data has been exposed, we have decided to proactively disable a subset of our OAuth functionality until a suitable fix can be implemented.

We have been working, and will continue to work, with existing Cliqset users to transition them to one of our alternative authorization protocols until OAuth functionality is re-enabled.

It should also be noted that Cliqset has been working in concert with other OAuth providers to both quantify the risk and develop a solution. We applaud the coordination of the OAuth community (led by Eran) and look forward to re-enabling OAuth in the near future.

If you have any further questions or concerns, please email darren@cliqset.com.

Darren Bounds
Cliqset Inc.

Additional information:
