SAML Flaws Discovered With SSO Implications

Kelby Ludwig, writing at Duo Labs, has just posted a fascinating blog entry detailing the Duo team's recent discovery of a class of SAML vulnerabilities that potentially affects a range of implementations and deployments that may prove both wide and deep. Every affected system is subject to what we like to call a flip/flop authentication exploit: an attacker who already holds a legitimate account leverages the vulnerabilities under scrutiny to be authenticated as a different user, with zero knowledge of the victim's password. H/T

“This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.” – via Duo Labs’ Kelby Ludwig

Oops.
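To make the mechanism concrete, here is an added, self-contained illustration (it is not code from this post, from Duo, or from any affected library). It follows the technique the linked Duo post describes: XML-DSig signs a digest of the element's canonical (C14N) form, exclusive C14N without comments discards XML comments, so a comment spliced into the NameID leaves the signature valid while a relying party that reads only the first text node sees a truncated, different identity. The NameID strings, the HMAC stand-in for the IdP's RSA signature, and every function name below are constructed for this example; nothing here targets a specific product.

```python
"""Why an XML comment can change which user a signed SAML assertion names.

XML-DSig does not sign the raw bytes of an element; it signs a digest of the
element's canonical (C14N) form, and exclusive C14N without comments drops
XML comments. A comment spliced into the NameID therefore leaves the digest,
and so the signature, unchanged. What the relying party believes the NameID
says then depends only on how its XML library extracts the text.
"""
import hashlib
import hmac
import xml.dom.minidom
import xml.etree.ElementTree as ET
from typing import Callable, Optional

# Constructed sample data. The attacker legitimately registers the account
# user@example.com.evil.com (they control evil.com) and receives a genuine
# assertion for it; the victim is user@example.com.
LEGIT = "<NameID>user@example.com.evil.com</NameID>"
# The same element after the attacker splices in an empty comment.
TAMPERED = "<NameID>user@example.com<!---->.evil.com</NameID>"

# Stand-in for the IdP's private signing key (assumption: real IdPs use RSA/ECDSA).
IDP_KEY = b"demo-idp-signing-key"


def canonical_form(element_xml: str) -> str:
    """Canonicalize without comments, as SAML's exclusive C14N transform does."""
    return ET.canonicalize(element_xml, with_comments=False)


def idp_sign(element_xml: str) -> str:
    """Simplified XML-DSig: a MAC over the C14N form instead of an RSA signature."""
    data = canonical_form(element_xml).encode()
    return hmac.new(IDP_KEY, data, hashlib.sha256).hexdigest()


def nameid_first_text_node(element_xml: str) -> str:
    """Vulnerable extraction: read only the first text node (firstChild)."""
    doc = xml.dom.minidom.parseString(element_xml)
    return doc.documentElement.firstChild.nodeValue


def nameid_text_before_comment(element_xml: str) -> str:
    """Vulnerable extraction: .text of a comment-preserving tree stops at the comment."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(element_xml, parser=parser).text


def nameid_all_text(element_xml: str) -> str:
    """Robust extraction: join every text node, i.e. the string the signature covered."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return "".join(ET.fromstring(element_xml, parser=parser).itertext())


def sp_resolve_subject(element_xml: str, signature: str,
                       extract: Callable[[str], str]) -> Optional[str]:
    """Simulated service provider: verify the signature, then extract the subject."""
    if not hmac.compare_digest(idp_sign(element_xml), signature):
        return None  # signature does not verify: reject the assertion
    return extract(element_xml)


if __name__ == "__main__":
    sig = idp_sign(LEGIT)             # what the IdP issued for the attacker's own account
    assert sig == idp_sign(TAMPERED)  # the comment is invisible to the signature check
    for label, extract in [("firstChild", nameid_first_text_node),
                           (".text", nameid_text_before_comment),
                           ("all text", nameid_all_text)]:
        print(f"{label:>10}: logged in as {sp_resolve_subject(TAMPERED, sig, extract)}")
```

Run stand-alone, the two truncating extractors log the attacker in as `user@example.com` on a signature that was only ever issued for `user@example.com.evil.com`, while joining all text nodes yields the account the IdP actually vouched for. The check a practitioner wants in an SP is therefore not only "does the signature verify" but "is the identity I act on the same string the signature covered"; comparing against the canonical form, or extracting all character data as above, closes the gap.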


*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations