Concurrency issues can result in an authorization code being used multiple times.
A malicious client can exchange an authorization code multiple times.
The OAuth 2.0 Authorization Framework (RFC6749, section )
This threat is considered fully mitigated if all the test cases from the following test set succeed.
Back to the threat overview