OpenID Connect Anonymous Account

info Web App Scanning Plugin ID 113972

Synopsis

OpenID Connect Anonymous Account

Description

OpenID Connect is an identity layer on top of the OAuth 2.0 protocol, and its discovery specification uses the `/.well-known/webfinger` endpoint to locate the OpenID Provider for a given end-user identifier. By querying that endpoint, it is sometimes possible to determine whether an anonymous account exists on the target server. A remote, unauthenticated attacker could then log on with the anonymous account and, once authenticated, attempt further attacks.
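The following is an added example (not Tenable's plugin logic) showing how an administrator can check their own provider's WebFinger responses for this condition offline: it builds the discovery URL an OpenID Connect client would request, parses the JSON Resource Descriptor (JRD) the provider returns, and reports which identifiers the provider acknowledges with an issuer link. The hostname `idp.example` and the sample responses are constructed for illustration; in a real audit the responses would come from your own identity provider. A provider that answers 404 for identifiers that do not correspond to a real, individually owned account does not exhibit the behaviour described above.

```python
import json
from urllib.parse import urlencode

# Link relation defined by OpenID Connect Discovery 1.0 for locating the issuer.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"


def build_webfinger_url(host, resource, rel=OIDC_ISSUER_REL):
    """Build the discovery URL an OpenID Connect client would request for `resource`."""
    query = urlencode({"resource": resource, "rel": rel})
    return f"https://{host}/.well-known/webfinger?{query}"


def account_resolves(status, body):
    """Return the issuer URL if the provider acknowledged the account, otherwise None.

    Per the discovery spec a successful lookup is a 200 response carrying a JRD whose
    `links` array contains an entry with the OIDC issuer `rel`. Anything else (404 for an
    unknown resource, malformed JSON, no issuer link) is treated as "does not resolve".
    """
    if status != 200:
        return None
    try:
        jrd = json.loads(body)
    except ValueError:
        return None
    for link in jrd.get("links", []):
        if link.get("rel") == OIDC_ISSUER_REL and link.get("href"):
            return link["href"]
    return None


def audit_responses(responses):
    """Map each resource identifier to its issuer URL when the provider resolves it.

    `responses` maps resource -> (HTTP status, response body). Identifiers that appear in
    the result are ones the provider publicly confirms as valid accounts.
    """
    resolved = {}
    for resource, (status, body) in responses.items():
        href = account_resolves(status, body)
        if href is not None:
            resolved[resource] = href
    return resolved


# Constructed sample: a provider that confirms a shared "anonymous" identity via WebFinger
# but correctly returns 404 for an identifier that belongs to no account.
SAMPLE_RESPONSES = {
    "acct:anonymous@idp.example": (
        200,
        json.dumps({
            "subject": "acct:anonymous@idp.example",
            "links": [{"rel": OIDC_ISSUER_REL, "href": "https://idp.example"}],
        }),
    ),
    "acct:nobody@idp.example": (404, ""),
}


if __name__ == "__main__":
    for resource in SAMPLE_RESPONSES:
        print("would request:", build_webfinger_url("idp.example", resource))
    for resource, issuer in audit_responses(SAMPLE_RESPONSES).items():
        print(f"provider confirms {resource} (issuer {issuer})")
```

The check deliberately keys on the issuer link rather than on the HTTP status alone, because some providers answer 200 with an empty or generic JRD for any resource; only a response that actually names an issuer for the identifier confirms that the provider treats it as a real account.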

See Also

https://openid.net/specs/openid-connect-discovery-1_0.html

Plugin Details

Severity: Info

ID: 113972

Type: remote

Published: 7/24/2023

Updated: 7/24/2023

Scan Template: basic, full, pci, scan