by TechCW » Tue May 10, 2011 3:32 am
Researchers have detected a serious vulnerability in some implementations of OpenID 2.0, which could enable malicious attackers to gain unauthorized access to a user's account by altering traveling information.
The security flaw, which exists in several instances of the parties that implement Attribute Exchange (AX), a function that permits sites to exchange information between endpoints, prevents some sites from confirming that the information passing through AX has been signed.
Subsequently, AX could validate all of the passing information, including the identity of an unknown user, which enables an attacker to modify the data to his or her advantage or impersonate a victim without detection.

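Full Story: CRN (http://www.crn.com/news/security/229403088/openid-security-flaw-lets-hackers-impersonate-users.htm;jsessionid=tsJloj0TsXur6toK9NbdZQ**.ecappj03?cid=rssFeed)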
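The check the story says some sites skip, as an added example that is not part of the original post or of any OpenID library: a relying party accepts Attribute Exchange fields only when the assertion's signature is valid and every AX field is listed in `openid.signed`. It assumes an HMAC-SHA256 association whose MAC key the site already holds; the function names and sample values are constructed for illustration, and the nonce, `return_to` and discovery checks are left out.

```python
import base64
import hashlib
import hmac

AX_NS = "http://openid.net/srv/ax/1.0"  # Attribute Exchange 1.0 namespace URI


def compute_sig(params, signed, mac_key):
    """HMAC-SHA256 over the Key-Value form of the fields named in `signed`."""
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    digest = hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def signed_ax_attributes(params, mac_key):
    """Return AX fields only if the signature is valid and covers all of them."""
    signed = [k for k in params.get("openid.signed", "").split(",") if k]
    if not signed or any("openid." + k not in params for k in signed):
        raise ValueError("missing or inconsistent openid.signed list")
    expected = compute_sig(params, signed, mac_key).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        raise ValueError("signature mismatch")
    # The AX alias is chosen by the sender, so locate it via its namespace URI.
    aliases = [k[len("openid.ns."):] for k, v in params.items()
               if k.startswith("openid.ns.") and v == AX_NS]
    ax = {}
    for alias in aliases:
        prefix = f"openid.{alias}."
        fields = [k for k in params if k.startswith(prefix)] + [f"openid.ns.{alias}"]
        unsigned = [k for k in fields if k[len("openid."):] not in signed]
        if unsigned:
            raise ValueError(f"unsigned AX fields: {sorted(unsigned)}")
        ax.update({k: params[k] for k in fields})
    return ax


def sample_response(mac_key):
    """Constructed sample assertion (values are made up for this example)."""
    p = {
        "openid.ns.ax": AX_NS,
        "openid.claimed_id": "https://op.example/alice",
        "openid.ax.mode": "fetch_response",
        "openid.ax.type.email": "http://axschema.org/contact/email",
        "openid.ax.value.email": "alice@example.org",
    }
    signed = [k[len("openid."):] for k in p]
    p["openid.signed"] = ",".join(signed)
    p["openid.sig"] = compute_sig(p, signed, mac_key)
    return p
```

A response whose signature is valid but whose `openid.signed` list omits the AX fields is rejected outright, so unsigned attribute values never reach the account-matching logic.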