Overview#

Malicious Endpoint in OAuth 2.0 and OpenID Connect is a class of attack in which the OAuth Client is tricked into using inconsistent sets of metadata from multiple Authorization Servers, including potentially sending the Authorization Code to a token endpoint that does not belong to the same Authorization Server as the authorization endpoint that was used. The attack works because a plain Authorization Response (code and state) carries no indication of which Authorization Server issued it, so a Client that supports more than one Authorization Server has to guess from its own session state which one it is talking to.

Some research publications refer to these as IdP Mix-Up and Malicious Endpoint attacks.

In a Malicious Endpoint attack the attacker operates (or has compromised) one of the Authorization Servers the OAuth Client is configured to use and thereby acts as a Man-In-The-Middle between the OAuth Client and the "intended" Authorization Server: the user is forwarded to the intended Authorization Server and authenticates there, but the OAuth Client still believes the flow belongs to the attacker's Authorization Server and delivers the resulting Authorization Code (or token) to the attacker's token endpoint.
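The following simulation, added here as an illustration and not code from this page or from any OAuth library, walks through exactly that mix-up: the Client starts a flow with the attacker's Authorization Server, the attacker's authorization endpoint bounces the browser to the honest Authorization Server reusing the Client's own state and redirect_uri, and the honest server's Authorization Code comes back to a Client that still maps that state to the attacker. The vulnerable Client sends the code to the attacker's token endpoint; the hardened Client checks the iss parameter of the Authorization Response (the mitigation standardised in RFC 9207) against the issuer it bound to the state when the flow started. All hostnames, the client_id, the redirect_uri and the authorization codes are constructed for the example, and the Client is assumed to use the same client_id and redirect_uri at both servers, which is the precondition that makes the attack possible.

```python
"""Simulation of the IdP Mix-Up / Malicious Endpoint attack and the iss check.

All hostnames, client_id values and authorization codes below are constructed
for the example; nothing here talks to a real server.
"""
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass(frozen=True)
class AuthorizationServer:
    issuer: str
    authorization_endpoint: str
    token_endpoint: str


# Two Authorization Servers the Client is configured to use; the second is run by the attacker.
HONEST = AuthorizationServer("https://honest-as.example",
                             "https://honest-as.example/authorize",
                             "https://honest-as.example/token")
ATTACKER = AuthorizationServer("https://attacker.example",
                               "https://attacker.example/authorize",
                               "https://attacker.example/token")
REDIRECT_URI = "https://client.example/callback"  # assumed: same redirect_uri registered at both servers
CLIENT_ID = "demo-client"                         # assumed: same client_id at both servers


def _query(url):
    """Return the query string of url as a flat dict (constructed URLs, single values only)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class Client:
    """OAuth Client. With check_iss=False it behaves like the vulnerable Client described above."""

    def __init__(self, servers, check_iss):
        self.servers = {s.issuer: s for s in servers}
        self.check_iss = check_iss
        self.pending = {}  # state -> issuer the flow was started with

    def start_login(self, issuer):
        """Build the Authorization Request and remember which AS this state belongs to."""
        state = secrets.token_urlsafe(16)
        self.pending[state] = issuer
        params = {"response_type": "code", "client_id": CLIENT_ID,
                  "redirect_uri": REDIRECT_URI, "state": state}
        return f"{self.servers[issuer].authorization_endpoint}?{urlencode(params)}"

    def callback(self, url):
        """Handle the Authorization Response; return (outcome, token endpoint the code is sent to)."""
        p = _query(url)
        issuer = self.pending.pop(p.get("state", ""), None)
        if issuer is None:
            return ("rejected: unknown state", None)
        if self.check_iss and p.get("iss") != issuer:
            # RFC 9207 check: the response must name the AS this state was issued for.
            return ("rejected: issuer mismatch", None)
        # The code goes to the token endpoint of whichever AS the Client *believes* it used.
        return ("code sent", self.servers[issuer].token_endpoint)


def honest_authorize(url, send_iss):
    """Honest AS: the user authenticates and is redirected back with an Authorization Code."""
    p = _query(url)
    resp = {"code": "code-" + secrets.token_hex(4), "state": p["state"]}
    if send_iss:
        resp["iss"] = HONEST.issuer  # issuer identification per RFC 9207
    return f"{p['redirect_uri']}?{urlencode(resp)}"


def attacker_authorize(url):
    """Attacker's authorization endpoint: instead of authenticating the user it forwards the
    browser to the honest AS, reusing the Client's own client_id, redirect_uri and state."""
    p = _query(url)
    return f"{HONEST.authorization_endpoint}?{urlencode(p)}"


def run_flow(chosen, check_iss, honest_sends_iss):
    """Run one authorization code flow that the Client starts with `chosen` and return the
    Client's decision. When `chosen` is the attacker, the user still ends up at the honest AS."""
    client = Client([HONEST, ATTACKER], check_iss)
    url = client.start_login(chosen.issuer)
    if chosen is ATTACKER:
        url = attacker_authorize(url)  # the mix-up step
    return client.callback(honest_authorize(url, honest_sends_iss))


if __name__ == "__main__":
    print("vulnerable client:", run_flow(ATTACKER, False, False))
    print("hardened client  :", run_flow(ATTACKER, True, True))
    print("normal login     :", run_flow(HONEST, True, True))
```

In the vulnerable run the honest server's code for the Client is delivered to https://attacker.example/token, which is the Malicious Endpoint. The hardened Client rejects the same response because iss names the honest server while the state was bound to the attacker, and an ordinary login against the honest server still succeeds. The check only helps once the honest Authorization Server actually sends iss (it advertises this with authorization_response_iss_parameter_supported in its metadata); a Client that cannot rely on iss must instead register a distinct redirect_uri per Authorization Server so that the callback itself identifies the issuer.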

More Information#

There might be more information for this subject on one of the following:

This page (revision-2) was last changed on 19-Jul-2017 09:05 by jim