[Openid-specs-ab] Issue #1838: OID4VCI: distinguish two types of pre-auth code abuse. (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Tue Feb 28 06:36:00 UTC 2023


New issue 1838: OID4VCI: distinguish two types of pre-auth code abuse.
https://bitbucket.org/openid/connect/issues/1838/oid4vci-distinguish-two-types-of-pre-auth

Kristina Yasuda:

> **TODO** The spec does not distinguish between replay (attacker forwards code to other wallet/end-user) and stealing the code (attacker scans code intended for other user). This needs to be fixed.

From the security analysis: [openid / connect / Pull Request #468: First draft of OpenID 4 VC Security Analysis — Bitbucket](https://bitbucket.org/openid/connect/pull-requests/468#Lopenid-4-vc-security-and-trust-1_0.mdT966)


