[Openid-specs-ab] Issue #840: Messages - 9.10 Also mention about cut&paste attack (openid/connect)
issues-reply at bitbucket.org
Fri May 31 01:34:47 UTC 2013
New issue 840: Messages - 9.10 Also mention about cut&paste attack
cut & paste attack is a kind of token substitution attack. It would be good to mention it here since it is so common in OAuth implementations.
Should it be in Standard by the way? It is mentioning HTTP, which is indicative of that it belongs to HTTP/OAuth binding, which is Standard.
More information about the Openid-specs-ab