[mitreid-connect] Security Update: 1.1.11 and 1.0.19
Justin P Richer
jricher at mit.edu
Fri Oct 24 11:44:51 EDT 2014
A security flaw in MITREid Connect was patched in the latest versions, 1.1.11 and 1.0.19 (as well as the main development trunk). With this bug, an attacker could bypass authentication for clients registered using the "private_key_jwt" authentication mechanism, allowing for impersonation of these clients. The new version closes this hole, and it is strongly recommended that all implementations using "private_key_jwt" clients upgrade immediately.
-- Justin