An attacker may attempt to re-use an identity token that was acquired for another client or for another authorization session.
OpenID Connect Core 1.0 incorporating errata set 1 (OIDC, section 2)
This threat is considered fully mitigated if all the test cases from the following test set succeed.
Back to the threat overview