[OpenID] Fwd: OpenID Spoofing

ydnar ydnar at shaderlab.com
Thu Jan 11 23:01:07 UTC 2007

You could visit a malicious site that spoofs your IDP, trolling for  
login info:

1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a  
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.  
The spoof site now has your LJ credentials.


On Jan 11, 2007, at 2:41 PM, Dmitry Shechtman wrote:

> Is there a well-documented OpenID spoofing scenario somewhere?
> Regards,
> Dmitry
> =damnian
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list