Covert Redirect is a class of security bugs disclosed in May 2014. It arises when an application takes a parameter and redirects a user to the parameter value without sufficient validation.
Covert Redirect is also related to single sign-on. It is well known for its influence on OAuth and OpenID.
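As an added illustration (not part of the original page), the following Python sketch contrasts an insufficient check on a redirect parameter with an exact-match allowlist check. The host names, the allowlist and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example: exact (scheme, host) pairs.
ALLOWED_ORIGINS = {("https", "app.example.com"), ("https", "accounts.example.com")}


def weak_check(target: str) -> bool:
    """Insufficient validation: only tests that a trusted name appears in the string."""
    return "example.com" in target


def strict_check(target: str) -> bool:
    """Accept only absolute https URLs whose exact host is on the allowlist."""
    # Browsers treat backslashes like slashes and drop control characters, so a
    # value containing them may be parsed differently there than here: reject it.
    if any(c == "\\" or ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo before '@' disguises the real host
    if port not in (None, 443):
        return False
    return (parts.scheme.lower(), parts.hostname) in ALLOWED_ORIGINS


def safe_redirect_target(target: str, fallback: str = "https://app.example.com/") -> str:
    """Return the target if it passes strict_check, otherwise a fixed fallback."""
    return target if strict_check(target) else fallback


# Constructed sample values for the redirect parameter.
SAMPLES = [
    "https://app.example.com/home",
    "https://app.example.com.other.test/",
    "https://app.example.com@other.test/",
    "https://other.test/?next=example.com",
    "//other.test/example.com",
    "https:\\\\other.test/example.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} weak={weak_check(s)} strict={strict_check(s)}")
```

Every sample passes the substring check, while only the first passes the allowlist check.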
Covert Redirect was found and named by Wang Jing, a mathematics PhD student from the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
Since its publication, Covert Redirect has been recorded in some common databases, such as SCIP, OSVDB, Bugtraq, and X-Force. Its scipID is 13185, its OSVDB reference number is 106567, its Bugtraq ID is 67196, and its X-Force reference number is 93031.