OAuth 2.0 Vulnerabilities
As FIWARE LAB / GEs are using OAuth 2.0 https://www.fiware.org/tag/oauth/ it would be good to know if current instances are not affected by the mixed server attack on clients: https://mailarchive.ietf.org/arch/msg...
Hi,
Many thanks for the report. As you can read, the vulnerability is directly related to the protocol and affects clients that are retrieving tokens from more than one AS. For the moment, and until the working group proposes a fix, my recommendation is to follow the advice proposed there.
BR
Asked: 2016-01-25 10:12:48 +0100
Seen: 2,230 times
Last updated: Feb 04 '16