[ http://jira.amdatu.org/jira/browse/AMDATUAUTH-43?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivo Ladage - van Doorn resolved AMDATUAUTH-43.
----------------------------------------------

    Resolution: Fixed

Added fixes to prevent session fixation attacks. oauth_verifier, oauth_callback 
and oauth_callback_confirmed parameter handling has been added according to the 
Revision A spec of 1.0.

> Add fix for OAuth session fixation vulnerability
> ------------------------------------------------
>
>                 Key: AMDATUAUTH-43
>                 URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-43
>             Project: Amdatu Auth
>          Issue Type: Improvement
>          Components: OAuth server
>    Affects Versions: 0.1.0
>            Reporter: Ivo Ladage - van Doorn
>             Fix For: 0.2.0
>
>
> See 
> http://hueniverse.com/2009/04/explaining-the-oauth-session-fixation-attack/
> A generated token should be added to the callback URL; that should fix this 
> vulnerability.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
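
The oauth_callback, oauth_callback_confirmed and oauth_verifier handling named in the resolution above, as an added example that is not part of the original message and is not Amdatu Auth's code: a minimal in-memory OAuth 1.0 Revision A service provider in Python. The class, method and field names are hypothetical, and request signing is left out.

```python
import hmac
import secrets
from urllib.parse import urlencode


class RequestTokenStore:
    """In-memory OAuth 1.0a request-token state (all names are hypothetical)."""

    def __init__(self):
        self._tokens = {}  # request token -> record

    def issue_request_token(self, consumer_key, oauth_callback):
        # Revision A: the callback is fixed in the signed request-token call,
        # so it cannot be swapped later on the authorization URL.
        if not oauth_callback:
            raise ValueError("oauth_callback is required ('oob' if no redirect)")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"consumer": consumer_key, "callback": oauth_callback,
                               "verifier": None, "user": None}
        return {"oauth_token": token, "oauth_callback_confirmed": "true"}

    def authorize(self, token, user):
        # Called after the logged-in user approves access.
        rec = self._tokens[token]
        if rec["verifier"] is not None:
            raise PermissionError("request token already authorized")
        rec["user"] = user
        rec["verifier"] = secrets.token_urlsafe(16)  # unguessable, per approval
        if rec["callback"] == "oob":
            return rec["verifier"]  # shown to the user to type into the consumer
        sep = "&" if "?" in rec["callback"] else "?"
        query = urlencode({"oauth_token": token, "oauth_verifier": rec["verifier"]})
        return rec["callback"] + sep + query

    def exchange(self, consumer_key, token, oauth_verifier):
        # Access token is granted only to a caller holding the verifier that
        # was delivered through the approving user's own browser.
        rec = self._tokens.get(token)
        if rec is None or rec["consumer"] != consumer_key or rec["verifier"] is None:
            raise PermissionError("unknown or unauthorized request token")
        supplied = (oauth_verifier or "").encode()
        if not hmac.compare_digest(rec["verifier"].encode(), supplied):
            raise PermissionError("oauth_verifier missing or wrong")
        del self._tokens[token]  # request tokens are single use
        return {"oauth_token": secrets.token_urlsafe(16), "user": rec["user"]}
```

A party that knows only the request token cannot complete `exchange`, because the verifier reaches the consumer solely through the redirect of the user who approved the request.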
