[OAUTH-WG] Some OAuth related vulnerability in Google and Facebook

Antonio Sanso <asanso@adobe.com> Wed, 19 February 2014 20:38 UTC

From: Antonio Sanso <asanso@adobe.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Some OAuth related vulnerability in Google and Facebook
Thread-Index: AQHPLbJ0fQi4oDuockSjxlMQGRZj1Q==
Date: Wed, 19 Feb 2014 20:37:49 +0000
Message-ID: <88EEAE70-42ED-4900-AD3A-CFCCC5FF7DF0@adobe.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/IVEo6ianActfVYfdw3RgoNTGTEI
Subject: [OAUTH-WG] Some OAuth related vulnerability in Google and Facebook
List-Id: OAUTH WG <oauth.ietf.org>

hi *,

just sharing with you some implementation-related OAuth leaks in Google and Facebook. Some details in:

http://intothesymmetry.blogspot.ch/2014/02/oauth-2-attacks-and-bug-bounties.html

regards

antonio