OpenID Connect Anonymous Account
Discription

OpenID Connect is an identity layer on top of the OAuth 2.0 protocol which aims to determine the provider URL for an end user. By leveraging the `/.well-known/webfinger` endpoint, it is sometimes possible to determine if an anonymous account exists on the target server. By leveraging this information, a remote and unauthenticated attacker could logon using the anonymous account and try conducting further attacks being authenticated.Read More

Back to Main

Subscribe for the latest news: