[Openid-specs-ab] Univ of Trier OAuth2 / OpenID Connect security flaw paper

Sat Jan 9 15:22:23 UTC 2016

”IdP Mixed-Up” attack looks very similar with what we discussed at IIW and IWTF.

> On Jan 9, 2016, at 04:51, Mike Schwartz <mike at gluu.org> wrote:
> 
> OpenID Connect Gurus:
> 
> New vulnerabilities identified by the Univ of Trier:
>  http://www.scmagazineuk.com/researchers-find-two-flaws-in-oauth-20/article/463919/
> 
> - Mike
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> http://gluu.org
> SSO / SAML / OpenID Connect / UMA / OAuth2
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab