[Openid-specs-ab] Issue #840: Messages - 9.10 Also mention about cut&paste attack (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Fri May 31 01:34:47 UTC 2013


New issue 840: Messages - 9.10 Also mention about cut&paste attack
https://bitbucket.org/openid/connect/issue/840/messages-910-also-mention-about-cut-paste

Nat Sakimura:

A cut & paste attack is a kind of token substitution attack. It would be good to mention it here since it is so common in OAuth implementations.

Should it be in Standard, by the way? It mentions HTTP, which indicates that it belongs to the HTTP/OAuth binding, which is Standard.



