
REQ30.PREVENT Attacking ‘redirect_uri’ (leaking authorization codes through custom URI scheme)

    Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: 1.0-portal_7.1.0
    • Component/s: None
    • Labels:

      Description

      Undesirable postconditions:

      • The attacker can impersonate the victim on the OAuth2 service API at any time (until the victim disconnects the legitimate application through the OAuth2 service's user account management), acting through the legitimate application's identity

      Preconditions:

      • The attacker manages to install a malicious application on the client device and registers for it a custom URI scheme that is also used by another (legitimate) application. The operating system must allow the same custom URI scheme to be registered by multiple applications

      Events flow:

      1. The victim follows the normal Authorization Code grant flow until the Authorization Service issues the HTTP redirect back to the legitimate redirect_uri
      2. Since the legitimate redirect_uri uses a custom URI scheme, and the malicious application is registered with the device OS to handle that scheme, the Authorization Code carried in the redirect_uri request is delivered to the malicious application
      3. The malicious application exchanges the Authorization Code for the Access Token

      Expected outcome: The OAuth provider should not provide the access token
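      The ticket does not spell out the provider-side control that produces this outcome. The standard defense for exactly this code-interception scenario is PKCE (RFC 7636): the public client sends a SHA-256 `code_challenge` with the authorization request and the token endpoint only releases a token when the presented `code_verifier` hashes to that challenge, so an application that merely receives the redirect holds a code it cannot redeem. The following is an added example, not code from this ticket or its project; the class names, the `com.example.legit://cb` scheme and the client id are constructed placeholders.

```python
"""Token-endpoint PKCE check (RFC 7636, S256) against the code-interception
scenario described in this ticket. Added example; all names are constructed."""
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 random bytes -> 43 chars, inside the RFC's 43..128 length window."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str
    code_challenge: str
    used: bool = False


class AuthorizationServer:
    """Minimal provider: authorization endpoint binds a challenge to the code,
    token endpoint refuses any exchange that cannot prove the verifier."""

    def __init__(self) -> None:
        self._codes: Dict[str, IssuedCode] = {}

    def authorize(self, client_id: str, redirect_uri: str,
                  code_challenge: str, method: str = "S256") -> str:
        # Public (native) clients must send an S256 challenge; refuse otherwise.
        if method != "S256" or not code_challenge:
            raise ValueError("invalid_request: S256 code_challenge required")
        code = b64url(secrets.token_bytes(32))
        self._codes[code] = IssuedCode(client_id, redirect_uri, code_challenge)
        return code

    def token(self, code: str, client_id: str, redirect_uri: str,
              code_verifier: str) -> Optional[str]:
        issued = self._codes.get(code)
        if issued is None or issued.used:
            return None                      # invalid_grant: unknown or replayed
        issued.used = True                   # single use, even when the check fails
        if client_id != issued.client_id or redirect_uri != issued.redirect_uri:
            return None
        if not 43 <= len(code_verifier) <= 128:
            return None
        # Constant-time compare of the recomputed challenge with the stored one.
        if not hmac.compare_digest(make_code_challenge(code_verifier),
                                   issued.code_challenge):
            return None
        return "access-token-" + b64url(secrets.token_bytes(16))


def simulate_interception() -> dict:
    """Replays the ticket's event flow with PKCE in place. Constructed values."""
    srv = AuthorizationServer()
    client, scheme_uri = "legit-app", "com.example.legit://cb"

    # Flow 1: the legitimate app starts the grant; the verifier never leaves it.
    verifier = make_code_verifier()
    code = srv.authorize(client, scheme_uri, make_code_challenge(verifier))
    # Step 2 of the ticket: the OS hands the redirect (and the code) to the
    # malicious app, which knows client_id and redirect_uri but not the verifier.
    interceptor_token = srv.token(code, client, scheme_uri, make_code_verifier())
    # The failed attempt consumed the code, so the legitimate app is refused too
    # (a failed login, not an impersonation).
    legit_after_theft = srv.token(code, client, scheme_uri, verifier)

    # Flow 2: an uncontested login succeeds with the matching verifier.
    verifier2 = make_code_verifier()
    code2 = srv.authorize(client, scheme_uri, make_code_challenge(verifier2))
    legit_token = srv.token(code2, client, scheme_uri, verifier2)

    return {"interceptor_token": interceptor_token,
            "legit_after_theft": legit_after_theft,
            "legit_token": legit_token}
```

      Two design choices matter here. The code is marked used before the verifier check, so a wrong guess burns it and the legitimate exchange that follows is refused as a replay, which RFC 6749 section 4.1.2 also calls for; the attacker gets a failed login, never a token. And the token endpoint recomputes the challenge and compares it in constant time rather than trusting anything the client sends at redemption time.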


      Mitigation @ OAuth2 provider:
