[Openid-specs-ab] Cut and paste language review
Michael.Jones at microsoft.com
Wed Jun 5 18:11:08 UTC 2013
I added the highlighted language after the first sentence in the following paragraph in Messages so that we're including a description of the "cut and paste" attack. Please review.
9.10. Token Substitution
Token Substitution is a class of attacks in which a malicious user swaps various tokens, including swapping an Authorization Code for a legitimate user with another token that the attacker has. One means of accomplishing this is for the attacker to copy a token out of one session and use it in an HTTP message for a different session, which is easy to do when the token is available to the browser; this is known as the "cut and paste" attack.
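An added example, not part of the original message or of the draft text it quotes: one way a relying party can detect an Authorization Code that was copied between sessions, using the OpenID Connect `nonce` and `c_hash` ID Token claims. The function names and session values are hypothetical, and the ID Token signature is assumed to have been verified before these checks run.

```python
import base64
import hashlib
import hmac

# Hash implied by the ID Token's JOSE "alg" header, keyed by its size suffix.
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def left_half_hash(value: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of the hash of an ASCII value."""
    if alg[-3:] not in _HASHES:
        raise ValueError(f"unsupported alg: {alg!r}")
    digest = _HASHES[alg[-3:]](value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode()


def _same(a, b) -> bool:
    """Constant-time string comparison; a non-string claim never matches."""
    return (isinstance(a, str) and isinstance(b, str)
            and hmac.compare_digest(a.encode(), b.encode()))


def binding_failures(session_nonce: str, code: str, claims: dict, alg: str) -> list:
    """Return why a code / ID Token pair does not belong to this session.

    `claims` must come from an ID Token whose signature was already verified.
    An empty list means both bindings hold.
    """
    failures = []
    if not _same(claims.get("nonce"), session_nonce):
        failures.append("nonce does not match this session")
    if not _same(claims.get("c_hash"), left_half_hash(code, alg)):
        failures.append("c_hash does not match the presented code")
    return failures


# Constructed sample sessions (values invented for this example).
SESSION_A = {"nonce": "n-A-7f3a9c", "code": "code-issued-in-session-A"}
SESSION_B = {"nonce": "n-B-19c2e4", "code": "code-issued-in-session-B"}


def claims_for(session: dict, alg: str = "RS256") -> dict:
    """Claims an OP would put in the ID Token for `session` (constructed)."""
    return {"nonce": session["nonce"], "c_hash": left_half_hash(session["code"], alg)}


if __name__ == "__main__":
    # Session B's code swapped into session A's response: c_hash check fails.
    print(binding_failures(SESSION_A["nonce"], SESSION_B["code"],
                           claims_for(SESSION_A), "RS256"))
```

The `c_hash` check catches a code swapped in beside an otherwise untouched ID Token; the `nonce` check catches a whole response moved into a different browser session.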