IdentityServer3

Evaluate OAuth 2.0 Mixup Mitigation

Open leastprivilege opened this issue 9 years ago • 4 comments

http://self-issued.info/?p=1524

leastprivilege Jan 19 '16 09:01

Does that mean all IdentityServer3 versions are concerned?

truthbeliever Jan 19 '16 15:01

I will tell you once I have evaluated it ;)

Katana does not have an issue - but other client libraries might.

leastprivilege Jan 19 '16 17:01

Update

https://tools.ietf.org/html/draft-jones-oauth-mix-up-mitigation-01

leastprivilege Jan 21 '16 06:01

More info

http://nat.sakimura.org/2016/01/22/code-phishing-attack-on-oauth-2-0-rfc6749/

leastprivilege Jan 23 '16 08:01