Risk of reflected cross-site scripting and Content-Security-Policy bypass in the WebSub intent verification

I was reading the WebSub specification (formerly PubSubHubbub) when I found that there was a risk of reflected browser-side code injection (reflected cross-site scripting, reflected XSS) in the WebSub intent verification exchange.

Authority Ambiguity Vulnerabilities in NGINX and Debian’s proxy_params

Friends don't let friends use $http_host

Two related authority-ambiguity vulnerabilities in NGINX and Debian's proxy_params configuration snippet.

Keycloak UMA vulnerabilities

Keycloak's UMA implementation seems tricky to me.

Malicious authorization server attack in UMA 2.0

In a previous post, I described a pass-the-permission-ticket vulnerability in UMA 2.0 in which a malicious UMA resource server could kindly ask a UMA client to give it access tokens actually intended for another UMA resource server. In this post, I describe a similar attack in which the authorization server is malicious.

Pass-the-permission-ticket vulnerability in UMA 2.0

In the User-Managed Access (UMA) 2.0 protocol, a malicious resource server (or a malicious server acting as a resource server) can obtain a requesting party (access) token (RPT) intended for another UMA resource server from a UMA client by passing a permission ticket obtained from the target resource server to the UMA client. This can compromise the privacy (confidentiality) and integrity of UMA protected resources.

WebSub sequence diagram

A sequence diagram for WebSub (formerly PubSubHubbub).

The FBI recommends using ad blockers

Trust no one

An interesting note from the FBI.

UMA 2.0 diagrams

Some diagrams (mostly sequence diagrams) about UMA 2.0.

MIME-type spoofing in Firefox/Thunderbird and file managers

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME type handling and file managers.

Code execution through MIME-type association of Mono interpreter

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.
