Hi,
While testing UMA 2.0, I found that the protocol was vulnerable to a
vulnerability (which may not apply in some deployments).
It might be interesting to start by discussing this topic off-list in
order to let the implementers the opportunity to implement suitable
mitigations before public disclosure. Please let me know if you would be
interested.
If you know the contact of any other implementers please let me know.
Regards,
Gabriel Corona
