A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their websites.
PhD student Wang Jing from Nanyang Technological University reported the flaw Saturday and showed how it allowed attackers to phish users and obtain their tokens.

The link for this article located at The Register UK is no longer available.