Hello there! I bumped into a recent post that describes the way someone could get access to your account using facebook oauth. According to the vulnerability author: > Every website with "Connect Facebook account and log in with it" is > vulnerable to account hijacking. Source: http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.html Facebook will not fix this anytime soon. Should we disable facebook login until this gets resolved? -- FAS : axilleas GPG : 0xABF99BE5 Blog: http://axilleas.me _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
