OAuth Security Advisory: 2009.1 23-April-2009 A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered. Impact All standards-compliant implementations of the OAuth Core 1.0 protocol that use the OAuth authorization flow (also known as ‘3-legged OAuth’) are affected. Details The attack starts with the attacker visiting the (honest) Consu