Skip to content

OpenIDs at LiveJournal leaking auth info

Joseph Petviashvili (krotty), creator of the Skype-based Bitchun Society, writes today about his detection that LiveJournal is leaking his auth info via the check_immediate feature in OpenID. I haven’t seen any other discussion of this. Can anyone confirm?

open id from livejournal is not safe

If you are logged in to livejournal, that information can be shared with third parties without your consent through OpenID. Right now livejournal.ru and kommersant.ru are doing it.

Have not found a way to disable it, they are using http://www.livejournal.com/openid/server.bml?openid.mode=checkid_immediate and livejournal is giving out my auth info without asking…

Tags: - -

View blog reactions

{ 5 } Comments