We use proprietary and third party´s cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Ask Your Question
0

OAuth 2.0 Vulnerabilities

asked 2016-01-25 10:12:48 +0200

miross gravatar image

As FIWARE LAB / GE's are using OAUTH 2.0 https://www.fiware.org/tag/oauth/ it will be good to know, if current instances are not affected by mixed server attac on clients: https://mailarchive.ietf.org/arch/msg...

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by » oldest newest most voted
0

answered 2016-02-04 02:48:25 +0200

aalonsog gravatar image

Hi,

many thanks for the report. As you can read, the vulnerability is related directly with the protocol and affects clients that are retrieving tokens from more than one AS. By the moment and until the working group proposes a fix, my recommendation is to follow the advise proposed there.

BR

edit flag offensive delete link more
add a comment
Login/Signup to Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-01-25 10:12:48 +0200

Seen: 2,210 times

Last updated: Feb 04 '16

Related questions

Problems creating a domain in Fiware AuthZforce Authorization Server

How to configure Keyrock to access a Restful API behind Wilma Proxy

Single Sign On with WMarket, WStore and custom application

How to control access to Orion using oauth 2.0?

Inconsistencies in logical/topological attack graphs/paths

Support for Device Pairing?

Certification and/or encryption support?

Copyright Askbot, 2010-2011. Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | cookies policy | give feedback
Powered by Askbot version 0.7.53