CXRF attack and Shib SP

[Cantor, Scott]

On 4/8/14, 12:42 PM, "Russell Beall" <beall at usc.edu> wrote:

>Nothing was detected regarding the Shib SP component of course, it was
>the application which was found to be vulnerable.

My point is that there is actually an issue that fits that definition in
the SP itself, it just isn't easy to fix without blocking a feature people
use a lot.

But no, the SP doesn't really contribute to or affect actual application
cases of this apart from that issue.

-- Scott