- changed status to resolved
OID4VCI: distinguish two types of pre-auth code abuse.
Issue #1838
resolved
TODO The spec does not distinguish between replay (attacker forwards code to other wallet/end-user) and stealing the code (attacker scans code intended for other user). This needs to be fixed.
From the security analysis: openid / connect / Pull Request #468: First draft of OpenID 4 VC Security Analysis — Bitbucket
Comments (1)
Migrated to GitHub
https://github.com/openid/OpenID4VCI