Apr 27, 2009

Vulnerability in OAuth

What's OAuth?
  • It is an open protocol for authorizing API access.
  • It allows a user to grant a third-party site access to specific parts of that user's data held by an online provider, without handing over the user's credentials; it is often deployed alongside OpenID.
  • OpenID provides the authentication, and OAuth then gives the third-party site access to the approved user properties and attributes without exposing the rest of the user's information to that site.
Summary of the Vulnerability
  • It is analogous to session fixation, although no session is involved: the value that gets fixed is the OAuth request token.
  • The attacker obtains a legitimate request token from a site, then entices a victim to click on a link carrying that token.
  • The link takes the victim to the provider's approval page, where the victim grants the site access to their personal information.
  • The attacker then completes the authorization step (exchanging the now-approved request token for an access token) and gains access to whatever data the victim approved for that site.
The advisory and full details are available on the OAuth site.
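The following is an added illustration, not code from the advisory or from the OAuth specification. It models the request-token flow as a small in-memory simulation: the hypothetical `Provider` class, the `run_attack` and `run_legitimate_flow` helpers, the example.com-style lure URL and the user names are all invented for this example. With `verifier_required=False` it behaves like OAuth Core 1.0 and the attack succeeds; with `verifier_required=True` it models the `oauth_verifier` that OAuth Core 1.0 Revision A introduced as the remedy, and the attacker, who never sees the verifier, is refused.

```python
import secrets


class Provider:
    """Hypothetical OAuth 1.0-style service provider with in-memory token state.

    verifier_required=False models OAuth Core 1.0 (vulnerable to token fixation);
    verifier_required=True models the oauth_verifier added in OAuth 1.0a.
    """

    def __init__(self, verifier_required=False):
        self.verifier_required = verifier_required
        # request token -> {"owner": approving user or None, "verifier": str or None}
        self.request_tokens = {}

    def issue_request_token(self):
        """Step 1: any consumer, the attacker included, can obtain an unauthorized request token."""
        token = secrets.token_hex(8)
        self.request_tokens[token] = {"owner": None, "verifier": None}
        return token

    def authorize(self, token, user):
        """Step 2: the logged-in user approves the token on the provider's approval page.

        Returns the oauth_verifier (1.0a) that is delivered only to the approving
        user's browser, or None when plain 1.0 is being modelled.
        """
        rec = self.request_tokens[token]
        rec["owner"] = user
        if self.verifier_required:
            rec["verifier"] = secrets.token_hex(4)
        return rec["verifier"]

    def exchange(self, token, verifier=None):
        """Step 3: swap an approved request token for an access token (one use only)."""
        rec = self.request_tokens.pop(token, None)
        if rec is None or rec["owner"] is None:
            raise PermissionError("request token not authorized")
        if self.verifier_required and verifier != rec["verifier"]:
            raise PermissionError("missing or wrong oauth_verifier")
        return {"access_token": secrets.token_hex(8), "owner": rec["owner"]}


def run_attack(provider):
    """Attacker fixes a request token, lures the victim into approving it, then exchanges it.

    Returns the user whose data the attacker can now read, or None if the provider refused.
    """
    token = provider.issue_request_token()  # token requested by the attacker
    lure = f"https://provider.example/authorize?oauth_token={token}"  # hypothetical link sent to the victim
    # The victim follows the lure and approves; any verifier is shown to the victim only.
    provider.authorize(token, user="victim")
    try:
        # The attacker races to finish the exchange; in 1.0 nothing ties the token to the victim.
        return provider.exchange(token, verifier=None)["owner"]
    except PermissionError:
        return None


def run_legitimate_flow(provider, user="alice"):
    """Honest consumer: the same user requests, approves and exchanges, carrying the verifier."""
    token = provider.issue_request_token()
    verifier = provider.authorize(token, user)
    return provider.exchange(token, verifier=verifier)["owner"]


if __name__ == "__main__":
    print("OAuth 1.0 attack, data owner:", run_attack(Provider()))                         # victim
    print("OAuth 1.0a attack, data owner:", run_attack(Provider(verifier_required=True)))  # None
    print("OAuth 1.0a honest flow, data owner:", run_legitimate_flow(Provider(verifier_required=True)))
```

The simulation omits consumer keys, signatures and callbacks. In the real attack the attacker must also win the race to exchange the approved token before the legitimate consumer does; OAuth 1.0a closes the hole by returning the verifier to the user-agent after approval and by requiring the consumer to commit to its `oauth_callback` when the request token is issued, so the attacker can neither complete the exchange nor redirect the approval result to a page they control.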

Below is a list of affected vendors: