sonimeister / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

OAuthServer.fetch_request_token() can leak request token secrets. #47

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
The Python example server implements the request token URL using
OAuthServer.fetch_request_token().

If the consumer passes an oauth_token parameter to the request token URL
for a valid request token, fetch_request_token() will return that token
without any signature checking rather than checking the signature and
creating a new token.  The existing token and its secret are then returned
to the consumer.

You might need a bit more information to perform a successful attack, but
leaking this information seems like a problem.  There should probably be
separate methods for use by the "request token" and "authorisation" stages.

Original issue reported on code.google.com by james.he...@gmail.com on 9 Oct 2008 at 7:05

GoogleCodeExporter commented 8 years ago

Original comment by jmkrist...@gmail.com on 22 Oct 2008 at 5:22

GoogleCodeExporter commented 8 years ago

Original comment by leah.culver on 14 Jan 2009 at 11:09