SoylentNews

Fnord666 [soylentnews.org] writes:

A behavioral quirk in SAML libraries has left many single-sign-on (SSO) implementations vulnerable to abuse. It allows an attacker that has gained any authenticated access to trick the system into granting further access as a different user without knowledge of that user's password.

This could be used by an attacker who has compromised a low level limited access account to acquire access to third-party cloud services -- or it could be used by a malicious insider seeking access to reserved network areas (such as the payroll databases, or HR records).

The vulnerability was discovered by the research team of Duo Security, itself an SSO provider; and is described in a blog posted [duo.com] today. It affects many of the leading SSO providers, and probably affects the majority of proprietary company SSO developments.

[...] Not all SSO implementations are vulnerable to this glitch; but Duo has demonstrated that many are. All that is required from the attacker is a genuine account that he can 'modify' to his attack target, plus the relatively minor technical savvy to intercept and edit the SAML authentication as it passes through the browser.

Source: https://www.securityweek.com/widespread-vulnerability-found-single-sign-products [securityweek.com]

Original Submission