Mix-up attacks

Overview

A Mix-up attack is an attack on OAuth 2.0 (or OpenID Connect) in which the attacker convinces the client to send credentials (an Authorization Code or Access_token) obtained from an "honest" Authorization Server to a server under the attacker’s control.

Pushed Authorization Requests help to eliminate Mix-up attacks.
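The following is an added example, not part of the original page. It shows a client-side check against the mix-up described above, using a countermeasure the page does not name: the `iss` authorization response parameter from RFC 9207. The client records which Authorization Server each request was started with and refuses to redeem a code whose response names a different issuer. The class, function names and URLs are hypothetical placeholders.

```python
import secrets

# Constructed configuration: the Authorization Servers this client is registered with.
# Both URLs are placeholders, not values from the page.
AS_CONFIG = {
    "https://honest-as.example": {"token_endpoint": "https://honest-as.example/token"},
    "https://attacker-as.example": {"token_endpoint": "https://attacker-as.example/token"},
}


class MixUpError(Exception):
    """The authorization response does not belong to the Authorization Server the flow began with."""


class Client:
    def __init__(self, as_config):
        self.as_config = as_config
        self.pending = {}  # state value -> issuer the flow was started with

    def start_authorization(self, issuer):
        """Begin a flow and bind a fresh, unguessable state value to the chosen issuer."""
        if issuer not in self.as_config:
            raise ValueError("unknown authorization server")
        state = secrets.token_urlsafe(16)
        self.pending[state] = issuer
        return state

    def token_request_target(self, callback_params):
        """Return (token_endpoint, code) for the redirect parameters, or raise MixUpError."""
        # pop() makes each state single-use, so a replayed callback is rejected.
        expected = self.pending.pop(callback_params.get("state"), None)
        if expected is None:
            raise MixUpError("unknown or already used state")
        # RFC 9207: the Authorization Server identifies itself in the 'iss' parameter.
        # Without this comparison the code would go to 'expected', which in a
        # mix-up is the attacker's token endpoint.
        if callback_params.get("iss") != expected:
            raise MixUpError("response issuer does not match the server the flow started with")
        return self.as_config[expected]["token_endpoint"], callback_params["code"]
```

In the mix-up case the client believes it is talking to one server while the code was issued by another, so the issuer comparison fails and the code is never sent to any token endpoint.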
