[OpenID] Fwd: OpenID Spoofing
ydnar
ydnar at shaderlab.com
Thu Jan 11 23:01:07 UTC 2007
You could visit a malicious site that spoofs your IDP, trolling for
login info:
1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.
The spoof site now has your LJ credentials.
Randy
On Jan 11, 2007, at 2:41 PM, Dmitry Shechtman wrote:
> Is there a well-documented OpenID spoofing scenario somewhere?
>
>
> Regards,
> Dmitry
> =damnian
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list