[Openid-specs-ab] Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

John Bradley ve7jtb at ve7jtb.com
Mon Oct 12 23:07:02 UTC 2015


Thanks Mike,

We are looking at it.

It is perhaps an overstatement that it compromises Connect Authentication. It is more of an attack on the Authorization flow. The attacker winds up with read access to the user_info endpoint for the user but not access to the RP/Client.

Proper XSRF protection at the client can mitigate the attacker pushing a fake userID to the client, as a first step.

However we will probably recommend a change to the registration response to prevent the underlying cause of the attack.

John  B.



> On Oct 12, 2015, at 7:35 PM, Mike Schwartz <mike at gluu.org> wrote:
> 
> Attacking OpenID Connect 1.0 - Malicious Endpoints Attack
> 
> http://web-in-security.blogspot.com/2015/10/attacking-openid-connect-10-malicious.html
> 
> In this post we show a novel attack on OpenID Connect 1.0, which compromises the security of the entire protocol - the Malicious Endpoints attack. The idea behind the attack is to influence the information flow in the Discovery and Dynamic Registration Phase in such a way that the attacker gains access to sensitive information...
