openid / connect / issues / #1838 - OID4VCI: distinguish two types of pre-auth code abuse. — Bitbucket

Issue #1838 resolved

Kristina Yasuda created an issue 2023-02-28

TODO The spec does not distinguish between replay (attacker forwards code to other wallet/end-user) and stealing the code (attacker scans code intended for other user). This needs to be fixed.

From the security analysis: openid / connect / Pull Request #468: First draft of OpenID 4 VC Security Analysis — Bitbucket

Comments (1)

Mark Haine
- changed status to resolved
Migrated to GitHub

https://github.com/openid/OpenID4VCI
- 2023-09-01T16:51:59+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Credential Issuance

Milestone: –

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!