Hello everyone! In this blog we will explore how the OAuth authentication scheme becomes vulnerable when it is not properly configured. We will discuss how OAuth works and the common attack flows against it.
Before we start: what is OAuth?
OAuth is an open-standard authorization protocol or framework that gives applications the ability for “secure designated access.” For example, you can tell Facebook that it’s OK for securiumsolutions.com to access your profile or post updates to your timeline without having to give Securium your Facebook password. This is how the OAuth flow works.
Below are some important elements to understand in an OAuth 2.0 context:
resource owner, resource server, client application, authorization server, client_id, client_secret, response_type, scope, redirect_uri, state, grant_type
Each of these elements has a different function, and together they carry the full authentication flow for the user.
Common security risks: OAuth has several security issues if you forget to configure it properly. This can cause:
- Authentication bypass via OAuth implicit flow
- Forced OAuth profile linking
- OAuth account hijacking via redirect_uri
- Stealing OAuth access tokens via an open redirect
- Stealing OAuth access tokens via a proxy page
Authentication bypass via OAuth implicit flow: example attack scenario
As the picture above shows, we have a website with a My account section. Click My account, which starts the OAuth authentication flow. The picture below shows the social login.
The picture above shows the social login, which uses OAuth. After you log in successfully, it asks you to allow access to the service, as in the picture below:
As in the picture above, clicking Continue creates the authorization. After Continue, the application processes another request, as in the picture below.
This request carries the token, username and email. Here, change the email to the victim's. In our case the victim is [email protected]
As in the picture above, we change the email to the victim's and forward the request. The result is account takeover, and we can now access the victim account carlos.
As shown above, we successfully logged in as the victim. This is possible due to a validation bypass in the “email” parameter in the OAuth flow. Flawed validation by the client application makes it possible for an attacker to log in to other users’ accounts without knowing their password.
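The flawed check described above, next to a hardened version, as an added example that is not part of the original post or the tested application. The field names (token, username, email), the sample tokens and addresses, and the in-memory `userinfo` lookup standing in for the provider's userinfo endpoint are all assumptions constructed for illustration.

```python
# Constructed data: the authorization server's record of who each token belongs to.
# In a real deployment this is an HTTPS call to the provider's userinfo endpoint.
TOKENS = {
    "tok-wiener": {"sub": "wiener", "email": "wiener@example.test"},
    "tok-carlos": {"sub": "carlos", "email": "carlos@example.test"},
}

def userinfo(access_token):
    """Stand-in for the provider's userinfo endpoint: returns claims or None."""
    return TOKENS.get(access_token)

def login_vulnerable(body):
    """Flawed client: checks that a token is present, then trusts the posted email."""
    if not body.get("token"):
        return None
    return body.get("email")  # session opens for whatever email the browser sent

def login_hardened(body):
    """Derive the identity from the token server-side and reject any mismatch."""
    claims = userinfo(body.get("token", ""))
    if claims is None:
        return None  # unknown or expired token
    posted = body.get("email")
    if posted is not None and posted.lower() != claims["email"].lower():
        return None  # posted identity disagrees with the token: log and refuse
    return claims["email"]  # identity comes from the provider, never the request

# Constructed requests: an honest login, and one with the email field altered.
HONEST = {"token": "tok-wiener", "username": "wiener", "email": "wiener@example.test"}
TAMPERED = {"token": "tok-wiener", "username": "wiener", "email": "carlos@example.test"}

if __name__ == "__main__":
    for name, req in (("honest", HONEST), ("tampered", TAMPERED)):
        print(name, "vulnerable ->", login_vulnerable(req),
              "| hardened ->", login_hardened(req))
```

The mismatch branch in `login_hardened` is also a useful detection point: a valid token posted with someone else's email is not something a normal browser flow produces.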
Conclusion: In this blog we discussed how the OAuth flow works and how a basic auth misconfiguration leads to takeover of a user account. There are plenty of other attacks and things that can go wrong in an OAuth implementation, but these are some of the common issues that you will see. These misconfigurations are surprisingly common.
Thanks for reading. See you in another blog!
Stick with our blog: https://securiumsolutions.com/blog/