A behavioral quirk in SAML libraries has left many single sign-on (SSO) implementations vulnerable to abuse. It allows an attacker who has gained any authenticated access to trick the system into granting further access as a different user, without knowledge of that user's password.
from SecurityWeek RSS Feed http://ift.tt/2origFK