We recently discovered, through formal analysis, two new attacks on OAuth (Technical Report). This publication was coordinated with the OAuth Working Group who released a statement on their mailing list and prepared a draft covering the recommended mitigations. The publication of the attacks was also covered in a press release by our university, and some press articles.
Our group will host an OAuth Security Workshop to discuss these and other findings, background on OAuth security, and future improvements to OAuth in July 2016.
Autoren: Küsters, Ralf / Wilke, Thomas
2011. XII, 300 S. Mit 16 Abb. Br.