Overview
A Mix-up attack is an attack on OAuth 2.0 (or OpenID Connect) in which the attacker manages to convince the client to send credentials (an Authorization Code or Access_token) obtained from an "honest" Authorization Server to a server under the attacker’s control.
Pushed Authorization Requests help to eliminate Mix-up attacks.
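One client-side check against the mix-up described above, shown as an added example that is not code from this page: the client binds each authorization request to the Authorization Server it was sent to and compares that against the `iss` authorization response parameter defined in RFC 9207 before choosing a token endpoint. The issuer URLs, `AS_REGISTRY`, `Client` and `MixUpError` are hypothetical, and every registered Authorization Server is assumed to return `iss`.

```python
import secrets

# Constructed registry (hypothetical URLs): issuer identifier -> token endpoint.
AS_REGISTRY = {
    "https://honest-as.example": "https://honest-as.example/token",
    "https://attacker-as.example": "https://attacker-as.example/token",
}


class MixUpError(Exception):
    """Raised when a callback cannot be tied to the AS the request was sent to."""


class Client:
    def __init__(self):
        # state value -> issuer the client believes it started the flow with
        self._pending = {}

    def start_authorization(self, issuer):
        """Record which AS this flow targets and return a fresh state value."""
        if issuer not in AS_REGISTRY:
            raise ValueError("unknown issuer: %r" % issuer)
        state = secrets.token_urlsafe(16)
        self._pending[state] = issuer
        return state

    def token_endpoint_for_callback(self, params):
        """Return the only token endpoint the received code may be sent to.

        params is the parsed query string of the redirect back to the client.
        """
        # pop() makes each state single-use, so a replayed callback is rejected.
        expected = self._pending.pop(params.get("state"), None)
        if expected is None:
            raise MixUpError("unknown or already used state")
        issuer = params.get("iss")
        # Assumption: all registered ASs send iss, so a missing value is an error.
        if issuer is None:
            raise MixUpError("authorization response carries no iss parameter")
        # Exact string comparison, no normalization of the issuer identifier.
        if issuer != expected:
            raise MixUpError(
                "code was issued by %s but this flow was started with %s"
                % (issuer, expected)
            )
        return AS_REGISTRY[expected]
```

In the mix-up case the flow is recorded against one Authorization Server while the code comes from another, so the comparison fails and the code is never sent to any token endpoint.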
More Information
There might be more information for this subject on one of the following:
- [#1] - Mix-Up, Revisited - based on information obtained 2022-03-19