Researchers find two flaws in OAuth 2.0

Security researchers from the University of Trier have discovered a couple of vulnerabilities in the OAuth 2.0 authentication protocol that could enable hackers to subvert single sign-on systems. The protocol is widely used on social networking sites, such as Facebook and Google+, to authenticate users.

According to researchers Daniel Fett, Ralf Küsters and Guido Schmitz, two previously unknown attacks on OAuth were found, both of which break authorisation and authentication in OAuth. These vulnerabilities are also present in the new OpenID Connect standard and can be exploited in practice. The exploits could be used to capture credentials in order to impersonate a user or to access user data.

Read more at – Researchers find two flaws in OAuth 2.0