[Openid-specs-ab] Attacking OpenID Connect 1.0 - Malicious Endpoints Attack
Mike Schwartz
mike at gluu.org
Mon Oct 12 22:35:52 UTC 2015
Attacking OpenID Connect 1.0 - Malicious Endpoints Attack
http://web-in-security.blogspot.com/2015/10/attacking-openid-connect-10-malicious.html
In this post we show a novel attack on OpenID Connect 1.0, which
compromises the security of the entire protocol - the Malicious
Endpoints attack. The idea behind the attack is to influence the
information flow in the Discovery and Dynamic Registration Phase in such
a way that the attacker gains access to sensitive information...
More information about the Openid-specs-ab
mailing list