Hi all, we released an updated version of our paper "A Comprehensive Formal Security Analysis of OAuth 2.0" in which we present the IdP Mix-Up attack. In this update, we clarified some of the assumptions for the IdP Mix-Up attack.
We now also analyzed the resistance of OAuth against cross-site request forgery and found some new attacks. (We at least briefly described the attacks in separate posts here on the mailing list over the last months.)

Please find the updated paper here: https://arxiv.org/abs/1601.01229

Cheers,
Daniel

--
Informationssicherheit und Kryptografie
Universität Trier - Tel. 0651 201 2847 - H436