Episode 199 - GluuFederation/identerati-office-hours GitHub Wiki
Title: Mix-Up Attacks in MCP: Understanding Multi-Issuer Confusion and How to Prevent Them
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Emily Lauber, Sr. Product Manager Microsoft
Channels
Description
As Model Context Protocol (MCP) deployments grow in complexity, they increasingly span multiple authorization servers and identity providers across tools, registries, gateways, and enterprise environments. This architectural flexibility introduces a serious but often overlooked class of security vulnerability known as a mix-up attack — where a client or intermediary misidentifies which issuer it is communicating with and inadvertently routes authentication artifacts such as tokens to the wrong party, potentially a malicious one. By Emily Lauber of Microsoft, establishes a concrete threat model for mix-up attacks within MCP-style topologies (client ↔ server ↔ authorization server). It examines how issuer confusion arises in multi-party deployments and outlines the practical mitigations currently under discussion in the Auth Mix-Up Attack Prevention Working Group. It also addresses the realistic adoption path for these mitigations — distinguishing between what can be implemented today at the SDK and server level versus what requires formal standardization through the MCP Core specification or existing standards such as OAuth.
Homework
Takeaways
TBD