
OAuth 2.0 Vulnerabilities

asked 2016-01-25 10:12:48 +0200

miross

As FIWARE LAB / GEs are using OAuth 2.0 (https://www.fiware.org/tag/oauth/), it will be good to know if current instances are not affected by the mixed server attack on clients: https://mailarchive.ietf.org/arch/msg...


1 answer


answered 2016-02-04 02:48:25 +0200

aalonsog


Many thanks for the report. As you can read, the vulnerability is directly related to the protocol and affects clients that are retrieving tokens from more than one AS. For the moment, and until the working group proposes a fix, my recommendation is to follow the advice proposed there.




Asked: 2016-01-25 10:12:48 +0200

Seen: 2,217 times

Last updated: Feb 04 '16