I've looked through, and every single fork of https://github.com/fduraffourg/go-openid including the unmaintained master has the same gaping security hole:
The majority of the openid verification is unimplemented and any `openid.op_endpoint` can be passed in, making the whole process pointless and trivial to bypass.
I would either remove the link from your readme, or at least make a note that every branch (as of right now) is completely insecure.
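An added example (not code from go-openid or any of its forks) of the relying-party check this report concerns: `openid.op_endpoint` from the response is compared with the endpoint the relying party discovered itself, and the OpenID 2.0 signed-field list is confirmed before any signature check. `checkAssertion`, `sampleAssertion` and the `*.example` URLs are hypothetical; discovery, signature and nonce verification are assumed to happen elsewhere.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// checkAssertion runs the relying-party checks that need no crypto. discovered is
// the OP endpoint found by discovery on the claimed identifier (assumed input).
func checkAssertion(q url.Values, discovered, returnTo string) error {
	if q.Get("openid.mode") != "id_res" {
		return fmt.Errorf("not a positive assertion")
	}
	if q.Get("openid.return_to") != returnTo {
		return fmt.Errorf("return_to mismatch")
	}
	// The endpoint named in the response is untrusted input.
	if discovered == "" || q.Get("openid.op_endpoint") != discovered {
		return fmt.Errorf("op_endpoint differs from discovered endpoint")
	}
	signed := map[string]bool{}
	for _, f := range strings.Split(q.Get("openid.signed"), ",") {
		signed[f] = true
	}
	// OpenID 2.0 section 10.1: claimed_id and identity only when present.
	for _, f := range []string{"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"} {
		optional := f == "claimed_id" || f == "identity"
		if optional && q.Get("openid."+f) == "" {
			continue
		}
		if !signed[f] {
			return fmt.Errorf("%s not covered by openid.signed", f)
		}
	}
	return nil // openid.sig and the nonce must still be verified
}

// sampleAssertion builds a constructed response; all values are made up.
func sampleAssertion() url.Values {
	q, _ := url.ParseQuery("openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fop.example%2Fauth" +
		"&openid.return_to=https%3A%2F%2Frp.example%2Fcb&openid.claimed_id=https%3A%2F%2Fop.example%2Fu" +
		"&openid.response_nonce=n1&openid.assoc_handle=h1&openid.signed=op_endpoint,return_to,response_nonce,assoc_handle,claimed_id")
	return q
}

func main() {
	fmt.Println(checkAssertion(sampleAssertion(), "https://op.example/auth", "https://rp.example/cb"))
}
```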