CXRF attack and Shib SP

Cantor, Scott cantor.2 at
Tue Apr 8 12:57:15 EDT 2014

On 4/8/14, 12:42 PM, "Russell Beall" <beall at> wrote:

>Nothing was detected regarding the Shib SP component of course, it was
>the application which was found to be vulnerable.

My point is that there is actually an issue that fits that definition in
the SP itself, it just isn't easy to fix without blocking a feature people
use a lot.

But no, the SP doesn't really contribute to or affect actual application
cases of this apart from that issue.

-- Scott

More information about the users mailing list