Note that the authors of the paper have a website up where one can submit
traces to their "Browser Relayed Messages (BRM)" analyzer, plus the obligate
forum etc.
http://sso-analysis.org/
HTH,
=JeffH
___
OAuth mailing list
OAuth@ietf.org
It's a very real, very bad problem.
-bill
>
> From: John Bradley
>To: Stephen Farrell
>Cc: "oauth@ietf.org"
>Sent: Tuesday, April 17, 2012 7:57 AM
>Subject: Re: [OAUTH-WG] web sso study...
>
>I posted to my blog about
I posted to my blog about a significant implementation flaw made by people
using Facebook's OAuth 2 implementation.
I understand that Facebook is fixing it in their own code, but many clients are
exploitable.
For those interested.
http://www.thread-safe.com/2012/04/followup-on-oauth-facebook-