[OpenID] Fwd: OpenID Spoofing

ydnar ydnar at shaderlab.com
Thu Jan 11 23:01:07 UTC 2007


You could visit a malicious site that spoofs your IDP, trolling for  
login info:

1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a  
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.  
The spoof site now has your LJ credentials.

Randy


On Jan 11, 2007, at 2:41 PM, Dmitry Shechtman wrote:

> Is there a well-documented OpenID spoofing scenario somewhere?
>
>
> Regards,
> Dmitry
> =damnian

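A check a user or browser helper could run against the scenario in the message above, as an added example that is not part of the original thread: it compares the page asking for credentials with the endpoint the identity page itself declares through OpenID 1.x HTML discovery (link rel="openid.server"). It assumes the identity page was fetched directly rather than through site Foo, and that the IDP serves its login page from the same origin as its declared endpoint; the host names and sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _ServerLinks(HTMLParser):
    """Collect href values of <link rel="openid.server"> tags."""
    def __init__(self):
        super().__init__()
        self.servers = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if "openid.server" in rels and a.get("href"):
            self.servers.append(a["href"])

def discovered_servers(identity_html):
    """Endpoints the identity page declares for itself."""
    parser = _ServerLinks()
    parser.feed(identity_html)
    return parser.servers

def origin(url):
    """(scheme, host, port) with default ports filled in, or None if unusable."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not parts.hostname:
            return None
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:  # malformed port or host
        return None
    return (scheme, parts.hostname.lower(), port)

def login_page_matches_idp(identity_html, login_page_url):
    """True only if the login page shares an origin with a declared endpoint."""
    target = origin(login_page_url)
    if target is None:
        return False
    return any(origin(s) == target for s in discovered_servers(identity_html))

# Constructed sample: what a direct fetch of the user's identity URL returns.
IDENTITY_HTML = """<html><head>
<link rel="openid.server" href="https://idp.example/openid/server">
</head><body>profile</body></html>"""

if __name__ == "__main__":
    for url in ("https://idp.example/login", "https://idp.example.lookalike.test/login"):
        print(url, "->", "match" if login_page_matches_idp(IDENTITY_HTML, url) else "MISMATCH")
```

A mismatch means the relying site sent the browser somewhere other than the provider the identity page names, which is step 2 of the scenario.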