Not sure this is the best way to report an exploit. First, the library owner should be contacted directly and privately. Then potential users of the library (it is ok to ask on the list who is using a library). Then after giving people enough time to address it, go public.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Solberg Andreas Åkre > Sent: Thursday, April 30, 2009 12:51 AM > To: [email protected] > Subject: [oauth] Vulnerable token creation in PHP OAuth library > > > FYI > > https://rnd.feide.no/content/vulnerable-token-creation-php-oauth- > library > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
