We're continuing the OAuth series with yet more potential attacks. I'll show you two server-side OAuth attacks that are a bit less known yet, because they don’t need the user interaction, they are usually rated as criticals. I’ll also show you two other...
OAuth
OAuth #5 – OAuth recon
I've been having quite a good time recently with authentication bugs. Not all of them are in SSO flows but most of them are and the techniques I've used are the same ones I covered in previous articles from this series: OAuth #1 - How does it even work? Oauth...
OAuth #4 – exchanging the code
For a long time, the only OAuth attack that I knew was worth trying was changing the redirect_uri. But I’ve been missing out on a lot! In recent years I’ve become more and more proficient with OAuth and I see many more attack scenarios. In this multi-part series,...
Oauth #3 – response_mode
For a long time, the only OAuth attack that I knew was worth trying was changing the redirect_uri. But I’ve been missing out on a lot! In recent years I’ve become more and more proficient with OAuth and I see many more attack scenarios. In this multi-part series,...
Oauth #2 – CSRFs and the state
For a long time, the only OAuth attack that I knew was worth trying was changing the redirect_uri. But I’ve been missing out on a lot! In recent years I’ve become more and more proficient with OAuth and I see many more attack scenarios. In this multi-part series,...
OAuth #1 – How does it even work?
For a long time, the only Oauth attack that I knew was worth trying was changing the redirect_uri. But I’ve been missing out on a lot! In recent years I’ve become more and more proficient with Oauth and I see many more attack scenarios. In this multi-part series,...