Attribute Exchange Security Alert 15

A group of security researchers identified a flaw in how some OpenID relying parties implement Attribute Exchange (AX). See below for information on the suggested fix. The researchers determined that some sites were not confirming that the information passed through AX was signed. That allows an attacker to modify the […]