[OpenID] Fwd: OpenID Spoofing
ydnar at shaderlab.com
Thu Jan 11 23:01:07 UTC 2007
You could visit a malicious site that spoofs your IDP, trolling for
1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.
The spoof site now has your LJ credentials.
On Jan 11, 2007, at 2:41 PM, Dmitry Shechtman wrote:
> Is there a well-documented OpenID spoofing scenario somewhere?
> general mailing list
> general at openid.net
More information about the general