[security] MyOpenID
Phil Kulak
pkulak at gmail.com
Wed Mar 21 20:34:41 UTC 2007
So, if I understand this correctly, it's not a problem with the
protocol, but with the identity provider being a bit too loose with
its authorizations?
On 3/21/07, Josh Hoyt <josh at janrain.com> wrote:
> On 3/21/07, gaz_sec at hushmail.com <gaz_sec at hushmail.com> wrote:
> > I don't know what the position is on disclosure so I thought I
> > would just describe what is possible on the MyOpenID site and see
> > if the problem has been encountered before.
>
> Just for the record, we (JanRain) prefer to get contacted before a
> potential vulnerability has been publicly discussed.
>
> We're happy to work with anyone who has found a vulnerability in the
> OpenID protocols, the JanRain OpenID libraries, or any of our
> OpenID-using products.
>
> Josh
> _______________________________________________
> security mailing list
> security at openid.net
> http://openid.net/mailman/listinfo/security
>