Analysing the Security of Google’s Implementation of OpenID Connect

Li, Wanpeng; Mitchell, Chris

doi:10.1007/978-3-319-40667-1_18

Cited by 41 publications

(32 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chen et al [6], and Shehab and Mohsen [19] have looked at the security of OAuth 2.0 implementations on mobile platforms. Li and Mitchell [14] conducted an empirical study of the security of the OpenID Connect-based SSO service provided by Google.…”

Section: Analysing the Security Of Oauth 20 And Openid Connectmentioning

confidence: 99%

“…The HTTP message (see, for example, listing 1.1) of such an authorization response contains a Referer header which points to the IdP domain. In practice, major IdPs, such as Google, Facebook and Microsoft, implement an 'automatic authorization granting' feature [14]. That is, when the user has logged in to his/her OAuth 2.0 IdP account, the IdP generates an authorization response without explicit user consent.…”

Section: Protecting the Authorization Code (Grant) Flowmentioning

confidence: 99%

See 1 more Smart Citation

Mitigating CSRF attacks on OAuth 2.0 Systems

Mitchell

2018

2018 16th Annual Conference on Privacy, Security and Trust (PST)

Self Cite

View full text Add to dashboard Cite

Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0 and/or OpenID Connect-based single sign on. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance, and it has been widely examined both in theory and in practice. Unfortunately, as these studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.

show abstract

Section: Analysing the Security Of Oauth 20 And Openid Connectmentioning

confidence: 99%

Section: Protecting the Authorization Code (Grant) Flowmentioning

confidence: 99%

Mitigating CSRF attacks on OAuth 2.0 Systems

Mitchell

2018

2018 16th Annual Conference on Privacy, Security and Trust (PST)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The security properties of real-world OAuth 2.0 implementations have also been examined by a number of authors [5,10,11,13,18,21,22,24]. Wang et al [22] examined deployed SSO systems, focussing on a logic flaw present in many such systems, including OpenID.…”

Section: Explicit User Intention Trackingmentioning

confidence: 99%

Your Code Is My Code: Exploiting a Common Weakness in OAuth 2.0 Implementations

Mitchell

2018

Security Protocols XXVI

Self Cite

View full text Add to dashboard Cite

Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0-based single sign on. The security of OAuth 2.0 is therefore of critical importance, and it has been widely examined both in theory and in practice. In this paper we disclose a new class of practical attacks on OAuth 2.0 implementations, which we call Partial Redirection URI Manipulation Attacks. An attack of this type can be used by an attacker to gain a victim user's OAuth 2.0 code (a token representing a right to access user data) without the user's knowledge; this code can then be used to impersonate the user to the relevant relying party website. We examined 27 leading OAuth 2.0 identity providers, and found that 19 of them are vulnerable to these attacks.

show abstract

“…An XSS attack in OIDC, an attacker exploits the facility of an automatic authorization granting by which an automatic authorization response is created if a user had recently a session with the OIDC IdP and previously granted authorization for the same client/RP [31]. Using this facility, an attacker may be able to steal a user ac-cess token by exploiting an XSS vulnerability in the client/RP side.…”

Section: ) Xss Attack In Oidcmentioning

confidence: 99%