[Openid-specs-ab] Univ of Trier OAuth2 / OpenID Connect security flaw paper

Mike Jones Michael.Jones at microsoft.com
Mon Jan 11 18:46:50 UTC 2016


All - note the draft containing mitigations to these attacks that was announced at http://self-issued.info/?p=1524.

				-- Mike

-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of nov matake
Sent: Saturday, January 9, 2016 7:22 AM
To: Mike Schwartz <mike at gluu.org>
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Univ of Trier OAuth2 / OpenID Connect security flaw paper

“IdP Mixed-Up” attack looks very similar to what we discussed at IIW and IWTF.

> On Jan 9, 2016, at 04:51, Mike Schwartz <mike at gluu.org> wrote:
> 
> OpenID Connect Gurus:
> 
> New vulnerabilities identified by the Univ of Trier:
>  
> http://www.scmagazineuk.com/researchers-find-two-flaws-in-oauth-20/article/463919/
> 
> - Mike
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> http://gluu.org
> SSO / SAML / OpenID Connect / UMA / OAuth2 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
