Project

General

Profile

Actions
Copy link

Bug #190

closed

RefreshAddress not checked for same origin

Added by Tobias Wich over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
1.0.2
Start date:
03/21/2013
Due date:
% Done:

0%

Estimated time:
Reviewer:
Tobias Wich
Build Version:

Description

The certificate obtained from the TLS connection used to retrieve the TCToken must be used to validate the RefreshAddress. This is currently not the case.

The relevant section in the eCard API (Part 7) is 3.4.5

Related issues

Related to Bug #209: Final result of eID dialog is not send as HTTP Redirect to eID-Client, but eID-Client redirects/offers Browser that result pageClosedDirk Petrautzki03/27/2013

Actions
Has duplicate Bug #208: It seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x)Rejected03/27/2013

Actions
Actions
Copy link

Also available in: Atom PDF