OAuth 2.0 Mix-Up Attack


OAuth 2.0 Mix-Up Attack is an attack may occur when a OAuth Client interacts with multiple OAuth Authorization Servers.

OAuth 2.0 Mix-Up Attack is when a malicious Authorization Servers may confuse the OAuth Client into thinking that the malicious Authorization Servers is, in fact, the real Authorization Servers. This can lead to sensitive information like OAuth Client secrets, codes, and tokens getting leaked to the malicious Authorization Server.

OAuth 2.0 Mix-Up Attack is a concern when your deployment has one OAuth Client interacting with multiple Identity Provider (IDP) or Authorization Servers

More Information#

There might be more information for this subject on one of the following: