[Amdatu-developers] [JIRA] Updated: (AMDATU-229) Add fix for oAuth session fixation vulnerability

Bram de Kruijff (JIRA) Tue, 15 Feb 2011 04:17:14 -0800

     [ 
http://jira.amdatu.org/jira/browse/AMDATU-229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Bram de Kruijff updated AMDATU-229:
-----------------------------------

    Fix Version/s:     (was: 0.1.1)

Removed 0.1.1 fix version for now as we can't commit to that at this point.

> Add fix for oAuth session fixation vulnerability
> ------------------------------------------------
>
>                 Key: AMDATU-229
>                 URL: http://jira.amdatu.org/jira/browse/AMDATU-229
>             Project: Amdatu
>          Issue Type: Improvement
>          Components: Amdatu Auth
>    Affects Versions: 0.1.0
>            Reporter: Ivo Ladage - van Doorn
>
> See 
> http://hueniverse.com/2009/04/explaining-the-oauth-session-fixation-attack/
> A generated token should be added to the callback URL, that should fix this 
> vulnerability

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers

[Amdatu-developers] [JIRA] Updated: (AMDATU-229) Add fix for oAuth session fixation vulnerability

Reply via email to