Juha Heinanen writes:
Moreover, the latest recommendation in security is to disclose as little as possible about what was not "correct", avoiding responses like "invalid user id" or "invalid password".
I agree with that, but in the case of an expired nonce, the sender has already somehow figured out what the username is.

I think that in order to be able to send a request with a stale nonce, the attacker must already have been able to capture the previous request/response. If so, there is not much to lose by including the flag.
-- Juha
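One way to make the stale-flag decision without leaking anything beyond what the thread discusses, as an added example that is not from the thread or from any SIP server's code: the server sets stale=true only when the digest response verifies against the stored credential but the nonce has expired, so a request with a guessed username or wrong password gets the same plain 401 whether or not the nonce is old. The server secret, realm, user table and the HMAC-over-timestamp nonce format are constructed assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret"   # assumption: per-server nonce MAC key
NONCE_TTL = 60                           # seconds a nonce stays fresh
REALM = "example.org"                    # constructed realm
USERS = {"alice": "correct horse"}       # constructed credential store

def make_nonce(now=None):
    """Nonce = timestamp + truncated HMAC, so the server can recognise its own."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{ts}.{mac}"

def nonce_state(nonce, now=None):
    """'fresh', 'stale' (ours but expired) or 'invalid' (not issued by us)."""
    try:
        ts, mac = nonce.split(".", 1)
        int(ts)
    except ValueError:
        return "invalid"
    expect = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(mac, expect):
        return "invalid"
    age = (now if now is not None else time.time()) - int(ts)
    return "fresh" if 0 <= age <= NONCE_TTL else "stale"

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def authorize(user, response, method, uri, nonce, now=None):
    """Return (accepted, stale_flag) for building the 200 or 401 reply."""
    password = USERS.get(user)
    expected = digest_response(user, password or "", method, uri, nonce)
    creds_ok = password is not None and hmac.compare_digest(response, expected)
    state = nonce_state(nonce, now)
    if creds_ok and state == "fresh":
        return True, False
    # stale=true is set only when the credentials themselves verified;
    # unknown user, wrong password or a foreign nonce all look identical.
    return False, (creds_ok and state == "stale")
```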