[Openid-specs-ab] Cut and paste language review

Mike Jones Michael.Jones at microsoft.com
Wed Jun 5 18:11:08 UTC 2013


I added the highlighted language after the first sentence in the following paragraph in Messages so that we're including a description of the "cut and paste" attack.  Please review.
9.10.  Token Substitution
Token Substitution is a class of attacks in which a malicious user swaps various tokens, including swapping an Authorization Code for a legitimate user with another token that the attacker has. One means of accomplishing this is for the attacker to copy a token out of one session and use it in an HTTP message for a different session, which is easy to do when the token is available to the browser; this is known as the "cut and paste" attack.

                                                            Thanks,
                                                            -- Mike
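
An added example, not part of the message above or of the draft text it quotes: a client-side check that detects a swapped Authorization Code by comparing it with the `c_hash` claim of the ID Token returned in the same response. It assumes the ID Token signature was already verified with a SHA-256 based algorithm; `c_hash` is an OpenID Connect claim not named in this message, and the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def left_half_hash(token: str) -> str:
    """Unpadded base64url of the left-most half of SHA-256 over the ASCII
    token value (the c_hash computation for *S256 signing algorithms)."""
    digest = hashlib.sha256(token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def code_bound_to_id_token(code: str, id_token_claims: dict) -> bool:
    """True only if the code in this response is the one the ID Token was
    issued alongside. Claims are assumed to come from a verified ID Token."""
    expected = id_token_claims.get("c_hash")
    if not isinstance(expected, str):
        # No binding present: treat as failure rather than accepting the code.
        return False
    return hmac.compare_digest(left_half_hash(code), expected)


def check_sample() -> dict:
    # Constructed sample values: two sessions, each with its own code.
    code_a = "constructed-code-session-A"
    code_b = "constructed-code-session-B"
    claims_a = {"sub": "user-a", "c_hash": left_half_hash(code_a)}
    return {
        # Response as issued: code A arrives with ID Token A.
        "untouched": code_bound_to_id_token(code_a, claims_a),
        # Cut and paste: code from session B placed next to ID Token A.
        "pasted": code_bound_to_id_token(code_b, claims_a),
        # ID Token without c_hash cannot vouch for any code.
        "unbound": code_bound_to_id_token(code_a, {"sub": "user-a"}),
    }


if __name__ == "__main__":
    for case, accepted in check_sample().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```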
