6819_4_5_1

Eavesdropping Refresh Tokens from Authorization Server

An attacker may eavesdrop refresh tokens when they are transmitted between the authorization server and the client.

OAuth 2.0 Threat Model and Security Considerations (RFC6819, section 4.5.1)

Mitigations

This threat is considered fully mitigated if all the test cases from the following test set succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.

Back to the threat overview