Environment containing vulnerability mimicking CVE-2021-27582.
Query parameters (including redirect_uri) of /authorize are inherited by /consent. Since /authorize performs redirect_uri validation, but /consent does not, redirect_uri validation can be bypassed, allowing an attacker to steal the user's authorization code.
Environment containing session poisoning vulnerability (Chapter two: "redirect_uri" Session Poisoning).
A race condition may occur when multiple authentication requests are sent simultaneously. An attacker can use session poisoning to modify the user's session information and redirect the user to an untrusted client's redirect_uri to illegally obtain a token.
Environment containing LDAP injection vulnerability mimicking CVE-2021-29156.
An LDAP injection vulnerability exists in the WebFinger protocol. An attacker can exploit this vulnerability to steal user information.
Environment containing RP's XSS and IdP's authorization code consumption flaws.
By exploiting these vulnerabilities in a chain, an attacker can steal a victim's valid authorization code.
Environment containing open redirect vulnerability.
Since /authorize does not perform redirect_uri validation, an attacker can steal the user's authorization code by redirecting the user to an attacker-controlled redirect_uri.
Environment containing CSRF vulnerability.
RP does not perform CSRF protection, allowing an attacker to tie the victim's session to the attacker's one.
Environment containing ID spoofing vulnerability.
An attacker can modify the iss or sub of the id_token to impersonate the victim.
Environment containing Wrong Recipient vulnerability.
An attacker can modify the aud of the id_token to impersonate the victim.
Environment containing ID Token Replay vulnerability.
An attacker can replay the id_token to impersonate the victim.
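A defender-side claim check covering the three ID token entries above (ID spoofing via iss/sub, wrong recipient via aud, and replay), added here as an example and not code from the original environments. The issuer URL, client ID, sample claims and the in-memory nonce store are constructed values, and the token's signature is assumed to have been verified before these claims are examined.

```python
import time

EXPECTED_ISSUER = "https://idp.example.test"  # constructed: the honest IdP
CLIENT_ID = "rp-client-123"                   # constructed: this RP's client_id


class IdTokenError(ValueError):
    """Raised when an ID token must be rejected by the RP."""


def validate_id_token_claims(claims, expected_nonce, seen_nonces, now=None):
    """Check the claims of an already signature-verified ID token.

    Rejects tokens from another issuer (ID spoofing), tokens minted for a
    different client (wrong recipient), expired tokens, and tokens whose
    nonce is not the one bound to this login or was already consumed (replay).
    Returns the authenticated subject on success.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise IdTokenError("iss mismatch")
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if not aud or CLIENT_ID not in aud:
        raise IdTokenError("aud mismatch")
    # With several audiences, azp must name this client (OIDC Core 3.1.3.7).
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise IdTokenError("azp required with multiple audiences")
    if not claims.get("sub"):
        raise IdTokenError("sub missing")
    if claims.get("exp", 0) <= now:
        raise IdTokenError("token expired")
    nonce = claims.get("nonce")
    if nonce != expected_nonce:
        raise IdTokenError("nonce mismatch")
    if nonce in seen_nonces:
        raise IdTokenError("nonce already used")
    seen_nonces.add(nonce)  # consume it so a replayed token is refused
    return claims["sub"]


def check(claims, expected_nonce, seen_nonces, now):
    """Wrapper that turns the accept/reject decision into a string."""
    try:
        return "ok:" + validate_id_token_claims(claims, expected_nonce, seen_nonces, now)
    except IdTokenError as exc:
        return "rejected:" + str(exc)
```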
Environment containing IdP Confusion vulnerability.
An attacker can trick the victim into using the attacker's IdP and steal the victim's authorization code for the honest IdP.
Environment containing Malicious Endpoint vulnerability.
An attacker can trick the victim into using the attacker's malicious token endpoint and steal the victim's authorization code.