[OAUTH-WG] Top 5 OAuth 2 Implementation Vulnerabilities

Antonio Sanso <asanso@adobe.com> Tue, 06 January 2015 21:44 UTC

From: Antonio Sanso <asanso@adobe.com>
To: OAuth WG <oauth@ietf.org>
Date: Tue, 06 Jan 2015 21:43:33 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/meEzj69ItQATKk1dUkZ5-WcQnWA