25th April 2021, Kathmandu
Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls
A category of vulnerability detected in a number of Single Signal-On (SSO) companies may enable attackers to hack into company techniques, safety researchers at NCC Group warn.
SSO expertise is a strategy for authentication and identification administration that enables enterprise customers to entry to an array of company functions via a single (usually third-party) service.
In addition to reducing down on helpdesk calls, the expertise affords a solution to handle credentials and privileges from a single location and will increase safety – a minimum of in concept.
These implementation flaws create a possible means to interrupt into techniques and trigger all methods of mischief, Roberts warns in a technical blog post.