[Openid-specs-fapi] Issue #535: Attackers A7/A8 break session integrity (openid/fapi)

Daniel Fett issues-reply at bitbucket.org
Thu Aug 4 08:15:39 UTC 2022

Previous message (by thread): [Openid-specs-fapi] Issue #534: Authorization Request Leaks lead to CSRF (openid/fapi)
Next message (by thread): [Openid-specs-fapi] Issue #536: Discovery should be mandated for clients (openid/fapi)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

New issue 535: Attackers A7/A8 break session integrity
https://bitbucket.org/openid/fapi/issues/535/attackers-a7-a8-break-session-integrity

Daniel Fett:

![](https://bitbucket.org/repo/K7gLBb/images/2271671978-Screenshot_20220804_101501.png)
Recommendation: See screenshot.

Previous message (by thread): [Openid-specs-fapi] Issue #534: Authorization Request Leaks lead to CSRF (openid/fapi)
Next message (by thread): [Openid-specs-fapi] Issue #536: Discovery should be mandated for clients (openid/fapi)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Openid-specs-fapi mailing list