Monday, October 5, 2015

Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

In this post we show a novel attack on OpenID Connect 1.0, which compromises the security of the entire protocol - the Malicious Endpoints attack. The idea behind the attack is to influence the information flow in the Discovery and Dynamic Registration Phase in such a way that the attacker gains access to sensitive information.

Beliebte Posts