public marks

PUBLIC MARKS from nhoizey with tags sécurité & oAuth

February 2010

April 2009

Explaining the OAuth Session Fixation Attack

by 1 other
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?

OAuth: 2009.1

A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered.