[mitreid-connect] Security Update: 1.1.11 and 1.0.19

Justin P Richer jricher at mit.edu
Fri Oct 24 11:44:51 EDT 2014


A security flaw in MITREid Connect was patched in the latest versions, 1.1.11 and 1.0.19 (as well as the main development trunk). With this bug, an attacker could bypass authentication for clients registered using the "private_key_jwt" authentication mechanism, allowing for impersonation of these clients. The new version closes this hole, and it is strongly recommended that all implementations using "private_key_jwt" clients upgrade immediately.

 -- Justin