[security] security hole in signature algorithm
James A. Donald
jamesd at echeque.com
Mon Nov 20 19:45:02 UTC 2006
--
Dick Hardt wrote:
> Scenario
> -------------
> By manipulating the return_to parameter, an attacker can
> impersonate another user at an RP.
>
> 1) Attacker goes to an RP and initiates an
> authentication pretending to be http://victim.op.com.
> RP sends the following parameters in the request:
>
> openid.return_to=http://rp.com/result?p=x
> openid.identity=http://victim.op.com
>
> 2) The attacker modifies the parameters as such:
This is a man in the middle attack. To launch a man in
the middle attack, one generally poisons DNS or routing
tables, which can be done, and often is done, but is not
that easy or that common. One can also launch a man in
the middle attack by interfering with the physical line
coming from a particular home, or a particular
institution.
It is reasonable to provide security that fails to
protect against a man in the middle attack, for such
attacks are not the main threat, but the threat needs to
be noted, and should be defended against if one can find
a low cost way of doing so.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Feg5WSMP+ZF9MK8mPWm1MPQga0yF7ZwzeRCB9rmH
4WstoiW2104UktEffclaA6DuFGBVF5+Pv9KN9JK/r
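The scenario quoted above turns on the RP trusting whatever return_to it gets back. The check below is an added example, not code from this post, from Dick Hardt, or from any OpenID library: it implements, in plain Python, the return-URL verification that OpenID Authentication 2.0 later required of RPs (section 11.1, the return_to in the response must match the URL the response actually arrived at, and section 9.2, return_to must fall within the RP's realm). The realm and the return_to value are the ones from the quoted scenario; the attacker's host name and the sample query strings are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample values for the scenario under discussion (the RP's
# realm and the return_to it sent in the request are taken from the post;
# everything else here is made up for the example).
RP_REALM = "http://rp.com/"
SENT_RETURN_TO = "http://rp.com/result?p=x"


def realm_matches(realm, url):
    """OpenID 2.0 realm matching (spec section 9.2).

    The URL is inside the realm when scheme and port are equal, the host is
    equal or, for a realm host starting with '*.', shares that suffix, and the
    realm path is a prefix of the URL path.
    """
    r, u = urlsplit(realm), urlsplit(url)
    if r.scheme != u.scheme or r.port != u.port:
        return False
    rhost, uhost = (r.hostname or ""), (u.hostname or "")
    if rhost.startswith("*."):
        # "*.rp.com" matches "rp.com" itself and any subdomain of it,
        # but not "rp.com.evil.example", because the suffix includes the dot.
        suffix = rhost[1:]
        if not (uhost == rhost[2:] or uhost.endswith(suffix)):
            return False
    elif rhost != uhost:
        return False
    return (u.path or "/").startswith(r.path or "/")


def verify_return_to(received_url, params, realm):
    """RP-side return_to verification (spec section 11.1).

    received_url is the full URL the browser delivered the response to;
    params is the parsed openid.* response.  Returns (ok, reason).
    """
    rt = params.get("openid.return_to")
    if rt is None:
        return False, "no openid.return_to in response"
    a, b = urlsplit(rt), urlsplit(received_url)
    # Scheme, authority and path must be identical to where we actually are.
    if (a.scheme, a.netloc, a.path) != (b.scheme, b.netloc, b.path):
        return False, "return_to does not match the URL this response arrived at"
    # Every query parameter carried in return_to must be present, with the
    # same value, in the URL we received.  This is what stops the p=x in the
    # scenario from being swapped for something the RP never sent.
    received_q = dict(parse_qsl(b.query, keep_blank_values=True))
    for key, value in parse_qsl(a.query, keep_blank_values=True):
        if received_q.get(key) != value:
            return False, "query parameter %r in return_to missing or altered" % key
    # Finally the return_to must lie inside the realm this RP asserted.
    if not realm_matches(realm, rt):
        return False, "return_to is outside the RP's realm"
    return True, "ok"


def check_response(received_url, params):
    """Convenience wrapper using this RP's realm."""
    return verify_return_to(received_url, params, RP_REALM)


if __name__ == "__main__":
    # Untampered: response arrives where the RP said it should.
    print(check_response("http://rp.com/result?p=x&openid.mode=id_res",
                         {"openid.return_to": SENT_RETURN_TO}))
    # Tampered: the query value inside return_to was changed in flight.
    print(check_response("http://rp.com/result?p=x&openid.mode=id_res",
                         {"openid.return_to": "http://rp.com/result?p=y"}))
    # Tampered: return_to points at a host that is not this RP at all.
    print(check_response("http://rp.com/result?p=x&openid.mode=id_res",
                         {"openid.return_to": "http://attacker.example/result?p=x"}))
```

The check is only meaningful if openid.return_to is covered by the signature the RP verifies (otherwise it is just another attacker-controlled field), and, as the reply above notes, none of this helps against a party who already sits between the browser and the RP. Note also that this simplified realm matcher treats an explicit default port ("http://rp.com:80/") as different from an implicit one.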