25th April 2021, Kathmandu

Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls

A category of vulnerability detected in a number of Single Sign-On (SSO) services may enable attackers to hack into corporate systems, security researchers at NCC Group warn.

SSO technology is a method of authentication and identity management that allows enterprise users to access an array of corporate applications through a single (usually third-party) service.

The technology, which has been widely adopted among enterprises, offers convenience to users because it gets around the need to manage multiple workplace passwords.

In addition to cutting down on helpdesk calls, the technology offers a way to manage credentials and privileges from a single location and increases security – at least in theory.

Security researcher Adam Roberts of NCC Group has found related vulnerabilities in a number of SSO services that rely on Security Assertion Markup Language (SAML) to authenticate users.

These implementation flaws create a potential means to break into systems and cause all manner of mischief, Roberts warns in a technical blog post.

