8 January 2016

Flaws in OAuth protocol

A formal scientific analysis of the principles and mechanisms underlying OAuth 2.0 has been published. Two weaknesses have been identified. The rest of the protocol has been formally recognised as sound and secure. The weaknesses are

  • allowing HTTP Temporary redirect (status 307), which can cause a browser to disclose sensitive information to a malicious Resource Server
  • an attack on the Resource Server, tricking it into relying on a malicious Identity Provider (possibly using OpenId)

No exploits on these weaknesses are currently known to exist in the wild and the authors have proposed solutions for the vulnerabilities, which are being adopted by the working groups for OAuth and OpenID Connect.
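To make the first weakness concrete, here is an added example (not from the paper or any OAuth implementation) that models browser redirect handling per RFC 7231: a 307 re-issues the original POST, including its body, at the new Location, whereas a 303 turns the follow-up into a body-less GET. The hostnames, the login form and the authorization code are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Request:
    method: str
    url: str
    body: Optional[bytes] = None
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    location: str


def follow_redirect(req: Request, resp: Response) -> Request:
    """Return the request a browser issues after the redirect (RFC 7231 semantics)."""
    if resp.status in (301, 302, 303):
        # 303 by specification (and 301/302 in practice): method becomes GET, body is dropped.
        return Request("GET", resp.location)
    if resp.status in (307, 308):
        # Method and body are preserved verbatim and sent to the new Location.
        return Request(req.method, resp.location, req.body, dict(req.headers))
    raise ValueError(f"status {resp.status} is not a redirect")


def body_leaks_across_origin(req: Request, resp: Response) -> bool:
    """True if the follow-up request carries the original body to a different origin."""
    nxt = follow_redirect(req, resp)
    src, dst = urlsplit(req.url), urlsplit(nxt.url)
    crossed_origin = (src.scheme, src.netloc) != (dst.scheme, dst.netloc)
    return crossed_origin and nxt.body is not None and nxt.body == req.body


def demo() -> dict:
    """Constructed scenario: a user submits credentials to an identity provider's login
    endpoint, which then redirects back to the client with an authorization code."""
    login = Request("POST", "https://idp.example/login",
                    b"user=alice&password=s3cret", {"Content-Type": "application/x-www-form-urlencoded"})
    callback = "https://client.example/cb?code=abc123"
    return {
        "307_leaks_credentials": body_leaks_across_origin(login, Response(307, callback)),
        "303_leaks_credentials": body_leaks_across_origin(login, Response(303, callback)),
    }
```

When auditing an identity provider, treat any 307 (or 308) issued in response to a credential POST as a finding; redirecting with 303 is the mitigation.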