openid / fapi / issues / #535 - Attackers A7/A8 break session integrity — Bitbucket

Issue #535 resolved

Daniel Fett created an issue 2022-08-04

Recommendation: See screenshot.

Comments (5)

Dave Tonge
- changed component to FAPI2: Baseline
- 2022-10-26T14:53:34+00:00
Dave Tonge
- assigned issue to
  
  Daniel Fett
- 2022-10-26T14:54:22+00:00
Daniel Fett reporter
This is covered by https://bitbucket.org/openid/fapi/pull-requests/381/change-attacker-model-to-reflect-formal

I thought about document the attack a little more - at the end of the day, all we can recommend is to protect resource servers well, just like any other server participating in the FAPI protocol. I don’t think we need an explicit section for this in the document.
- 2022-10-28T08:10:26+00:00
Nat Sakimura
- changed status to resolved
- 2022-11-02T14:45:24+00:00
Nat Sakimura
- changed component to FAPI2: Security Profile
- 2022-12-14T15:35:26+00:00
Log in to comment

Assignee: Daniel Fett

Type: bug

Priority: major

Status: resolved

Component: FAPI2: Security Profile

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!