[security] MyOpenID

Josh Hoyt josh at janrain.com
Thu Mar 22 20:28:55 UTC 2007


On 3/22/07, Josh Hoyt <josh at janrain.com> wrote:
> On 3/22/07, gaz_sec at hushmail.com <gaz_sec at hushmail.com> wrote:
> > MyOpenID have fixed the problem with their site now so I shall give
> > everyone on this list 1 week from now to contact me (29th March). I
> > have had two people contact me regarding the problem and 1 beta
> > OpenID server was affected and the other wasn't.
>
> I was going to write up the issue on the JanRain blog. Would anyone
> prefer that I wait to post my write up?

I have done a write-up [1] that explains who was exposed by the
vulnerability, and the effect of the exploit, but does not contain the
technical details of the exploit. I'll post the technical details and
how we fixed the problem after the 29th.

Josh

1. http://janrain.com/blog/2007/03/22/myopenid-security-fix/


