Don't endorse https://github.com/fduraffourg/go-openid #5

Closed
xthexder opened this issue Feb 12, 2014 · 0 comments

I've looked through, and every single fork of https://github.com/fduraffourg/go-openid including the unmaintained master has the same gaping security hole:
The majority of the OpenID verification is unimplemented and any `openid.op_endpoint` can be passed in, making the whole process pointless and trivial to bypass.

I would either remove the link from your readme, or at least make a note that every branch (as of right now) is completely insecure.

@yohcop yohcop self-assigned this Feb 13, 2014
@yohcop yohcop closed this as completed in 88a5cdf Feb 13, 2014
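
The check the issue says is missing, as an added example (not code from go-openid or any of its forks): the relying party compares `openid.op_endpoint` from the response with the endpoint it discovers itself for `openid.claimed_id`. `DiscoverFunc`, `VerifyDiscovered` and `sampleDiscover` are hypothetical names, the sample URLs are constructed, and signature, nonce and `return_to` checks are assumed to happen elsewhere.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// DiscoverFunc runs discovery on an identifier and returns its OP endpoint.
// Assumption: a real one fetches the identifier's XRDS/HTML; here it is injected.
type DiscoverFunc func(claimedID string) (opEndpoint string, err error)

var ErrEndpointMismatch = errors.New("openid.op_endpoint does not match discovered endpoint")

// VerifyDiscovered rejects a positive assertion whose op_endpoint is not the
// one discovery on the claimed_id yields, instead of trusting the request.
func VerifyDiscovered(params url.Values, discover DiscoverFunc) error {
	if params.Get("openid.mode") != "id_res" {
		return errors.New("not a positive assertion")
	}
	claimed := params.Get("openid.claimed_id")
	endpoint := params.Get("openid.op_endpoint")
	if claimed == "" || endpoint == "" {
		return errors.New("missing openid.claimed_id or openid.op_endpoint")
	}
	want, err := discover(claimed)
	if err != nil {
		return fmt.Errorf("discovery failed: %w", err)
	}
	if want != endpoint {
		return ErrEndpointMismatch
	}
	return nil
}

// sampleDiscover is a constructed stand-in: one identifier, one endpoint.
func sampleDiscover(claimedID string) (string, error) {
	if claimedID == "https://alice.example/" {
		return "https://op.example/auth", nil
	}
	return "", errors.New("no OpenID endpoint found")
}

func main() {
	a := url.Values{"openid.mode": {"id_res"}, "openid.claimed_id": {"https://alice.example/"},
		"openid.op_endpoint": {"https://other.example/auth"}} // constructed, mismatching
	fmt.Println(VerifyDiscovered(a, sampleDiscover))
}
```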