Status: Closed. sadilchamishka closed this pull request 1 year ago.
PR builder started Link: https://github.com/wso2/product-is/actions/runs/4445972331
PR builder completed Link: https://github.com/wso2/product-is/actions/runs/4445972331 Status: failure
PR builder started Link: https://github.com/wso2/product-is/actions/runs/4447668103
PR builder completed Link: https://github.com/wso2/product-is/actions/runs/4447668103 Status: failure
PR builder started Link: https://github.com/wso2/product-is/actions/runs/4461168208
PR builder completed Link: https://github.com/wso2/product-is/actions/runs/4461168208 Status: success
PR is under review
Proposed changes in this pull request
Nonce-based replay attack protection is provided for the OIDC federated authenticators.
The replay attack
The authorization code flow of the federated authentication flow is targeted in this attack. As shown in the figure below, the authorization code response that is redirected to the authorization server (highlighted in red) can be hijacked, and the redirection can even be blocked. The attacker can then start the authorization flow from the beginning, skip step 5, and replay a redirection to the authorization server that includes the victim's hijacked auth code.
The authorization flow is exposed to this type of attack because it cannot be proven that the sender of the authorization request (the redirection in step 3) is the same party as the receiver of the auth code (step 6) for that authorization request.
Attack complexity is high because the attacker has to intercept the auth code in step 6 and drop the redirection. The attacker can intercept the redirection and read the auth code because it is sent as a query parameter. If the attacker then reaches the authorization server before the victim's request does, the attacker can exploit the flow.
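The check the description asks for, that the party who sent the step-3 authorization request is the one who brings back the step-6 auth code, is illustrated below. This is an added example and not WSO2 Identity Server code: the federated IdP is an in-memory stand-in (`FederatedIdP`), the per-browser session, the `AuthorizationServer` class and the two scenario functions are assumptions made for the illustration. The authorization server (acting as OIDC client) generates a `state` and a `nonce` per login, keeps both in the browser session, and on the callback rejects any code whose `state` does not belong to that session or whose ID token carries a nonce that was not issued for that session's request.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class ReplayError(Exception):
    """Raised when a callback cannot be tied to the request that started it."""


@dataclass
class FederatedIdP:
    """Constructed stand-in for the external OIDC provider. It remembers which
    nonce each authorization code was issued for and echoes that nonce in the
    ID token, as OIDC requires."""
    codes: Dict[str, dict] = field(default_factory=dict)

    def authorize(self, nonce: str, subject: str) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"sub": subject, "nonce": nonce}
        return code

    def exchange(self, code: str) -> dict:
        try:
            return self.codes.pop(code)  # codes are single-use at the IdP too
        except KeyError:
            raise ReplayError("unknown or already redeemed code") from None


@dataclass
class BrowserSession:
    """Per-browser state held by the authorization server, i.e. the OIDC client."""
    state: Optional[str] = None
    nonce: Optional[str] = None


class AuthorizationServer:
    def __init__(self, idp: FederatedIdP):
        self.idp = idp
        self.used_nonces: Set[str] = set()

    def start_login(self, session: BrowserSession) -> dict:
        """Step 3: build the authorization request. `state` ties the later callback
        to this browser session; `nonce` ties the resulting ID token to this request."""
        session.state = secrets.token_urlsafe(16)
        session.nonce = secrets.token_urlsafe(16)
        return {"response_type": "code", "state": session.state, "nonce": session.nonce}

    def callback(self, session: BrowserSession, state: str, code: str) -> str:
        """Step 6: accept the code only if `state` matches this session and the ID
        token obtained with the code carries this session's nonce."""
        if session.state is None or session.nonce is None:
            raise ReplayError("no login in progress for this session")
        if not secrets.compare_digest(session.state, state):
            raise ReplayError("state does not match the session that started the login")
        session.state = None  # one-time: the same callback cannot be replayed into this session
        id_token = self.idp.exchange(code)
        if not secrets.compare_digest(id_token["nonce"], session.nonce):
            raise ReplayError("ID token nonce belongs to a different authorization request")
        if id_token["nonce"] in self.used_nonces:
            raise ReplayError("nonce already consumed")
        self.used_nonces.add(id_token["nonce"])
        session.nonce = None
        return id_token["sub"]


def legitimate_login() -> str:
    """Normal flow: the session that started the login brings back its own code."""
    idp = FederatedIdP()
    auth_server = AuthorizationServer(idp)
    victim = BrowserSession()
    req = auth_server.start_login(victim)
    code = idp.authorize(req["nonce"], "victim")  # step 5: victim authenticates at the IdP
    return auth_server.callback(victim, req["state"], code)


def replayed_login() -> dict:
    """The scenario from the description: the victim's code is taken from the
    step-6 query string, the victim's redirect is dropped, and the code is
    presented from a different browser session that skipped step 5."""
    idp = FederatedIdP()
    auth_server = AuthorizationServer(idp)
    victim, attacker = BrowserSession(), BrowserSession()
    victim_req = auth_server.start_login(victim)
    victim_code = idp.authorize(victim_req["nonce"], "victim")
    auth_server.start_login(attacker)  # attacker's own flow, started from the beginning

    outcomes = {}
    for label, state in (("victim_state", victim_req["state"]), ("own_state", attacker.state)):
        try:
            outcomes[label] = auth_server.callback(attacker, state, victim_code)
        except ReplayError as err:
            outcomes[label] = "rejected: " + str(err)
    return outcomes
```

Two things decide the outcome. Presenting the victim's `state` from another browser fails because `state` lives in the victim's session, not the attacker's. Presenting the attacker's own `state` passes that check, but the ID token obtained with the victim's code carries the nonce issued for the victim's request, which does not match the nonce stored in the attacker's session, so the login is refused; this is the binding between step 3 and step 6 that the `state` parameter alone does not give.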