New vulnerability allows attackers to trick single sign on systems

Single sign on (SSO) is popular with businesses as it allows control of access to multiple resources without the need for lots of different credentials. But researchers at Duo Security have uncovered a vulnerability that can allow attackers to trick systems based on the commonly used SAML (Security Assertion Markup Language) into giving them a higher level of access. Armed with an existing ID and password an attacker with only moderate technical skill can fool the SAML system into authenticating as another user without needing to know that user's password. Since most corporate systems have a standard pattern for user… [Continue Reading]