
ID Spoofing

mladevbb edited this page Jul 15, 2016 · 1 revision

ID Spoofing (IDS) is an attack that targets the ID Token verification step of a Client. If the Client does not verify the ID Token correctly, an attacker is able to log in as an arbitrary End-User of that application.

Before we start with the attack, a short reminder of what an ID Token usually looks like:

Header: { "alg": "HS256" }
Body: {
"iss": "http://openidConnectProvider.com/",
"sub": "user1",
"exp": 1444148908,
"iat": 1444148308,
"nonce": "40c6b33b9a2e",
"aud": "fdsf2432ddsf" (the registered _client_id_)
}
Signature: AF45JF93LKD76D....

# The IDS attack

To perform an IDS attack, an attacker has to act as an End-User and as an OP simultaneously. The attacker's OP, however, issues tokens in the name of another, honest OP such as Google.

ID Spoofing 1 (subject)

ID Spoofing 2 (issuer + subject)

ID Spoofing 3 (sub claims)

Header: { "alg": "HS256" }
Body: {
"iss": "http://openidConnectProvider.com/",
"sub": "user1",
"exp": 1444148908,
"iat": 1444148308,
"nonce": "40c6b33b9a2e",
"aud": "http://client.com/",

"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"gender": "female",
"birthdate": "0000-10-31",
"email": "[email protected]"
}
Signature: AF45JF93LKD76D....

ID Spoofing 4 (sub in the ID Token)
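The Client-side checks that defeat the four ID Spoofing variants above, as an added example that is not part of this wiki page: the verification key is selected by the issuer the Client itself chose at discovery, the token's iss must equal that issuer, and the End-User identity is the (iss, sub) pair rather than sub alone. Issuer URLs, shared secrets and claim values are constructed, hypothetical values; HS256 is used so the block runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

# Constructed, hypothetical OPs: the Client looks up a key by the issuer it selected
# at discovery time, never by the iss claim found inside the token.
TRUSTED_OPS = {
    "https://honest-op.example/": {"alg": "HS256", "key": b"honest-op-shared-secret"},
    "https://attacker-op.example/": {"alg": "HS256", "key": b"attacker-op-shared-secret"},
}
CLIENT_ID = "fdsf2432ddsf"  # the client_id registered at the OPs

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(key: bytes, claims: dict) -> str:
    """Build a constructed HS256 ID Token; only used to produce sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_id_token(token: str, expected_issuer: str, expected_nonce: str, now=None):
    """Return (iss, sub) or raise ValueError; key and expected iss come from the OP chosen at discovery."""
    now = time.time() if now is None else now
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(body_b64))
    op = TRUSTED_OPS.get(expected_issuer)
    if op is None:
        raise ValueError("unknown OP")
    if header.get("alg") != op["alg"]:  # pin the algorithm to what this OP registered
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(op["key"], f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if claims.get("iss") != expected_issuer:  # a valid signature from the wrong OP is still rejected
        raise ValueError("iss mismatch")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("aud mismatch")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # Identity is the (iss, sub) pair: "user1" at the attacker's OP is not "user1" at the honest OP.
    return (claims["iss"], claims["sub"])
```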