IdentityServer2 icon indicating copy to clipboard operation
IdentityServer2 copied to clipboard
verified publisher icon IdentityServer

IdentityServer v2

Open JDL-84 opened this issue 9 years ago • 1 comments

I am currently looking at the security of one of our applications.

Currently, the application is deployed using IdentityServer v2, which we can see is EOL.

Whilst we are looking to progress the migration to v3, I would like to understand what (if any) security risks we may be vulnerable to.

Is there a known venerability list for v2? I can only find odd reference to a re-direct issue. I would have thought there would be at least a couple of known issues.

JDL-84 avatar Jul 11 '16 13:07 JDL-84

No, no known issues with IdSvr2 except that it targets an older set of security protocols (WS-*). IdSvr3 and IdSvr4 target the newer protocols (OIDC and OAuth2), and thus allows for a wider range of security solutions for the newer types of applications that people are building.

brockallen avatar Jul 11 '16 13:07 brockallen