OpenID Connect is an identity layer on top of the OAuth 2.0 protocol which aims to determine the provider URL for an end user. By leveraging the `/.well-known/webfinger` endpoint, it is sometimes possible to determine whether an anonymous account exists on the target server. Using this information, a remote and unauthenticated attacker could log on with the anonymous account and attempt further attacks as an authenticated user.
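
For defenders, the account lookups described above show up in web server access logs. The following is an added example, not taken from the original page or any product: it scans constructed sample log lines for WebFinger queries and reports clients that confirmed a watched account or probed many account names. The log format, the watch list, the threshold, and the reading of a 200 response as "account exists" are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /.well-known/webfinger?resource=acct%3Aanonymous%40idp.example&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1" 200 312
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /.well-known/webfinger?resource=acct%3Aguest%40idp.example HTTP/1.1" 404 0
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "GET /.well-known/webfinger?resource=acct%3Aadmin%40idp.example HTTP/1.1" 404 0
198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "GET /.well-known/webfinger?resource=acct%3Aalice%40idp.example HTTP/1.1" 200 298
198.51.100.20 - - [12/Mar/2024:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WATCHED_ACCOUNTS = {"anonymous"}  # assumption: account names worth alerting on
MAX_DISTINCT = 2                  # assumption: distinct lookups tolerated per client

def webfinger_lookups(log_text):
    """Yield (client_ip, account, status) for every WebFinger resource query."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != "/.well-known/webfinger":
            continue
        for resource in parse_qs(url.query).get("resource", []):
            account = resource.removeprefix("acct:").split("@", 1)[0].lower()
            yield ip, account, int(status)

def findings(log_text):
    """Map client IP to the reasons its WebFinger activity looks like enumeration."""
    per_client = defaultdict(dict)
    for ip, account, status in webfinger_lookups(log_text):
        per_client[ip][account] = status
    report = {}
    for ip, seen in per_client.items():
        reasons = []
        confirmed = sorted(a for a in seen if a in WATCHED_ACCOUNTS and seen[a] == 200)
        if confirmed:
            reasons.append("confirmed watched account: " + ", ".join(confirmed))
        if len(seen) > MAX_DISTINCT:
            reasons.append(f"{len(seen)} distinct accounts probed")
        if reasons:
            report[ip] = reasons
    return report
```

A client flagged for a confirmed watched account is worth correlating with subsequent authentication events for that account.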