RFC Errata



Found 2 records.

Status: Verified (1)

RFC 6819, "OAuth 2.0 Threat Model and Security Considerations", January 2013

Source of RFC: oauth (sec)

Errata ID: 5965
Status: Verified
Type: Editorial
Publication Format(s): TEXT

Reported By: David Piggott
Date Reported: 2020-01-23
Verifier Name: Benjamin Kaduk
Date Verified: 2020-01-30

Section 4.4.1.2 says:

Store access token hashes only (Section 5.1.4.1.3).

It should say:

Store authorization code hashes only (Section 5.1.4.1.3).

Status: Held for Document Update (1)

RFC 6819, "OAuth 2.0 Threat Model and Security Considerations", January 2013

Source of RFC: oauth (sec)

Errata ID: 4267
Status: Held for Document Update
Type: Editorial
Publication Format(s): TEXT

Reported By: David Gladstone
Date Reported: 2015-02-09
Held for Document Update by: Kathleen Moriarty
Date Held: 2015-12-08

Section 4.4.1.11 says:

If an authorization server includes a nontrivial amount of entropy

It should say:

If an authorization server includes a trivial amount of entropy

Notes:

The threat being described outlines a scenario where too little entropy is involved; countermeasures include using non-trivial amounts of entropy.
