Daniel Fett
2016-06-27 12:18:12 UTC
Hi all,
we released an updated version of our paper
"A Comprehensive Formal Security Analysis of OAuth 2.0"
in which we present the IdP Mix-Up attack. In this update, we clarified
some of the assumptions for the IdP Mix-Up attack.
We now also analyzed the resistance of OAuth against cross-site request
forgery and found some new attacks. (We at least briefly described the
attacks in separate posts here on the mailing list over the last months.)
Please find the updated paper here:
https://arxiv.org/abs/1601.01229
Cheers,
Daniel
--
Informationssicherheit und Kryptografie
Universität Trier - Tel. 0651 201 2847 - H436