Create security note/consideration on B. Access Token Injection with ID Token Replay (FAPI 1.0 Advanced)
Need to document the approach to B. Access Token Injection with ID Token Replay in the security analysis https://arxiv.org/pdf/1901.11520.pdf
Comments (9)
reporter - changed component to Part 2: Advanced
-
reporter - changed component to FAPI 1 – Part 2: Advanced
-
reporter - changed component to FAPI 1: Advanced
-
to double check that we aren’t covering it already, and to check that the other documented attacks are either dealt with or covered by security considerations
-
reporter - changed status to resolved
fixes #527 - Create security note/consideration on B. Access Token Injection with ID Token Replay (FAPI 1.0 Advanced) → <<cset fc0aa197e3f1>>
-
reporter fixes #527 - Use AS metadata for misconfigured endpoints → <<cset 9e89dd625358>>
-
reporter fixes #527 - Merged "Access Token Injection with ID Token Replay" attack and mitigations into 8.3.5 → <<cset 9f3fe5bbdfcd>>
-
reporter Merged in fapi1_errata_527 (pull request #429)
fixes #527 - Create security note/consideration on B. Access Token Injection with ID Token Replay (FAPI 1.0 Advanced)
Approved-by: Dima Postnikov
Approved-by: Dave Tonge
Approved-by: Nat Sakimura
Approved-by: Joseph Heenan
→ <<cset cdf755de9937>>
See #526 as well.