Thread: OpenID Vulnerability Alert

  1. #1
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    OpenID Vulnerability Alert

    The OpenID Foundation (OpenID Foundation website) has reported that
    some OpenID Authentication 2.0 server implementations were found to be vulnerable.

    Anyone who implements an OP or RP on a Zimbra server (maybe as a server extension) should take a look at the details in their post below:
    Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs | OpenID

  2. #2

    The root cause of this is a vulnerable implementation on the OP side.
    So something should be done on the OP side eventually.
    But in the meantime, there could be some workarounds which the RP itself can do.
    One is to stop using private associations and use only shared associations on the RP side.

    I guess you can do this with the zimbraOpenidConsumerStatelessModeEnabled attribute in Zimbra LDAP if you use the OpenID Consumer server extension in the Zimbra NE package.

    (I can only "guess" that because I cannot find the source code of the OpenID Consumer server extension in Zimbra.)
