New Attack vector Introduced in OWASP site: QRLJacking

[Jassi]

You might have observed and even tried to login to some sites using QR Scan Code. Well it's a bug or feature enhancement with Security point of view. Think in terms of Security Vs. Usability. This new attack vector in OWASP is published as QRLJacking :)

What OWASP says about QRLJacking in short: "QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector affecting all applications that rely on “Login with QR code” feature as a secure way to login into accounts. In a simple way, It’s all about convincing the victim to scan the attacker’s QR code."

Read more about it here: https://www.owasp.org/index.php/QRLJacking