MultiACConc

Multiple authorization codes concurrency bugs

Concurrency issues can result in an authorization code being used multiple times.

A malicious client can exchange an authorization code multiple times.

The OAuth 2.0 Authorization Framework (RFC6749, section )

Mitigations

This threat is considered fully mitigated if all the test cases from the following test set succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.

Back to the threat overview