The bearer token protocol described in the document referenced in the
subject line is vulnerable to the following attack by a malicious
resource server.
There are two resource servers S1 and S2, S1 hosting a resource R1,
and S2 hosting a resource R2. Servers are not entitled to access
resources that they do not host. S1 is malicious. The client obtains
a broadly scoped access token that allows access to both resources.
The client uses the access token to obtain resource R1 from server S1.
Malicious server S1 then presents the access token received from the
client to server S2 and gains access to resource R2, which it is not
entitled to access.
Including the identity of the intended recipients in the token, as
recommended in Section 4.2, does not help, since the intended
recipients of the broadly scoped token include both R1 and R2.
Francisco
subject line is vulnerable to the following attack by a malicious
resource server.
There are two resource servers S1 and S2, S1 hosting a resource R1,
and S2 hosting a resource R2. Servers are not entitled to access
resources that they do not host. S1 is malicious. The client obtains
a broadly scoped access token that allows access to both resources.
The client uses the access token to obtain resource R1 from server S1.
Malicious server S1 then presents the access token received from the
client to server S2 and gains access to resource R2, which it is not
entitled to access.
Including the identity of the intended recipients in the token, as
recommended in Section 4.2, does not help, since the intended
recipients of the broadly scoped token include both R1 and R2.
Francisco
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf