We use proprietary and third party´s cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Ask Your Question
0

OAuth 2.0 Vulnerabilities

asked 2016-01-25 10:12:48 +0100

miross gravatar image

As FIWARE LAB / GE's are using OAUTH 2.0 https://www.fiware.org/tag/oauth/ it will be good to know, if current instances are not affected by mixed server attac on clients: https://mailarchive.ietf.org/arch/msg...

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
0

answered 2016-02-04 02:48:25 +0100

aalonsog gravatar image

Hi,

many thanks for the report. As you can read, the vulnerability is related directly with the protocol and affects clients that are retrieving tokens from more than one AS. By the moment and until the working group proposes a fix, my recommendation is to follow the advise proposed there.

BR

edit flag offensive delete link more
Login/Signup to Answer

Question Tools

1 follower

Stats

Asked: 2016-01-25 10:12:48 +0100

Seen: 2,230 times

Last updated: Feb 04 '16