[Openid-specs-ab] OAuth implementation vulnerability
Nat Sakimura
sakimura at gmail.com
Wed May 15 01:33:08 UTC 2013
You guys probably knew it, but it is a good read.
http://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/
BTW, perhaps we should add x-frame-options to the spec?
Also, some tightening up in the security considerations?
I know that this is really an implementation issue, but the magnitude of
the attack success makes me think that perhaps it is a good idea to mention
them at least. I being probably the one who wants to finish the spec the
most...
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en