OAuth

Security Advisories

The OAuth community is committed to identifying and addressing any security issues raised related to the OAuth protocol and extensions. Any identified threat will be publish on this page as soon as it is safe to do so. Due to the nature of many security threats, they cannot be disclosed before sufficient notice it given to vulnerable parties.

Known Threats

The following are the security threats known and the protocol version they affect:

OAuth Core 1.0

• 2009.1 Session Fixation Attack

How to Report Security Threats?

We are in the process of putting together resources to deal with future security issues. Meanwhile please contact Eran Hammer-Lahav with any concerns. Please DO NOT discuss unknown security threats in public as they are likely to be used by attacker before a solution can be applied.