Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Open Authentication 2.0 - Inherent Security Risks

Tags:

security

oauth

There are a few social networking sites which use Open Authentication 2.0. I am aware that Open Auth is vulnerable to phishing attacks, though SSL makes it unlikely. What are the security risks inherent in using Open Auth 2.0?

like image 719
Craig Locke Avatar asked Oct 27 '11 14:10

Craig Locke

1 Answers

This document has some good pointers on how the attack can be and what are the counter measures

https://www.rfc-editor.org/rfc/rfc6819

Hope this helped

like image 103
Ravi Vasamsetty Avatar answered Oct 11 '22 02:10

Ravi Vasamsetty
Sign in to Comment

Related questions

Configuring authlogic-oauth with google
Using Google experimental implementation of OAuth 2.0 to access existing API endpoints
Is there a good multi-target OAuth-Framework out there?
Simple registration+login using OAuth 2.0
How to resolve "Invalid signature. Expected signature base string" in OAuth 1.0
ACS and facebook login -> display=touch is broken? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!