Additional params are not signed
Bug #421837 reported by
Ivan Sagalaev
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Scipio |
New
|
Undecided
|
Unassigned | ||
Bug Description
Addition params that can be sent upon beginning of authentication through OP and received at completion should be signed. Otherwise a malicious serve can fake them.
To post a comment you must log in.
