In this post we show a novel attack on OpenID Connect 1.0, which compromises the security of the entire protocol - the Malicious Endpoints attack. The idea behind
the attack is to influence the information flow in the Discovery and
Dynamic Registration Phase in such a way that the attacker gains access
to sensitive information.