Into the Breach for ipod instal
1/6/2024

Have you ever thought about all the complexities of a Single Sign On (SSO) implementation? A lot of engineering effort has gone into hardening against cross-site attacks - you wouldn't want every site you visit to be able to hijack your Google or Facebook account. At the same time, SSO is the useful ability to use your authentication on one service to authenticate with an unrelated site. Does SSO ever compromise that hardening? If mistakes are made, absolutely, as discovered while looking at the Apple ID SSO system.

It all starts with the observation that has a sign-on that talks to, two separate domains. The sneaky trick used to make this work is an iframe that embeds the Apple sign-on page in the site. There are several security measures that are intended to prevent abuse of that embedded site. The first that must be overcome is the OAuth2 redirect_uri, which is used to check for a white-listed domain, as well as to set the allowed domain for the content-security-policy header.

Put simply, the attack must set a single string that appears to be to the OAuth2 backend, but to the browser checking the security policy header. How is this seemingly impossible feat accomplished? By abusing the extreme flexibility inherent in URI encoding. The two different security mechanisms understand it differently, allowing the embed.