[Openid-specs-ab] Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

Mike Schwartz mike at gluu.org
Mon Oct 12 22:35:52 UTC 2015


Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

http://web-in-security.blogspot.com/2015/10/attacking-openid-connect-10-malicious.html

In this post we show a novel attack on OpenID Connect 1.0, which 
compromises the security of the entire protocol - the Malicious 
Endpoints attack. The idea behind the attack is to influence the 
information flow in the Discovery and Dynamic Registration Phase in such 
a way that the attacker gains access to sensitive information...



