Monday, October 5, 2015

Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

In this post we show a novel attack on OpenID Connect 1.0, which compromises the security of the entire protocol - the Malicious Endpoints attack. The idea behind the attack is to influence the information flow in the Discovery and Dynamic Registration Phase in such a way that the attacker gains access to sensitive information.

Read more »
By at
Labels: , ,
Subscribe to: Posts (Atom)

Beliebte Posts

  • DTD Cheat Sheet
    When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
  • CORS misconfigurations on a large scale
    Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i...
  • Printer Security
    Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic...
  • How to Break Microsoft Rights Management Services
    In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks:  We complete...
  • How To Spoof PDF Signatures
    One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...