webpay should not allow arbitrary persona audiences in its verifier

RESOLVED FIXED in 2013-07-25

Status

Marketplace
Payments/Refunds
P1
normal
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: kumar, Assigned: kumar)

Tracking

2013-07-25
x86
Mac OS X
Points:
---

Details

(Whiteboard: [qa-])

the audience parameter is read from the request which is insecure
Assignee: nobody → kumar.mcmillan
Priority: -- → P1
Whiteboard: [qa-]
Target Milestone: --- → 2013-07-25
fixed https://github.com/mozilla/webpay/commit/fabe882ac7814acc49c5e577e38c38c6957f6085
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.