Code comments cause SAML conundrum — Research Saturday
CyberWire Daily - Un pódcast de CyberWire, Inc.
Categorías:
Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
Kelby Ludwig is a Senior Application Security Engineer at Duo security, and he takes us through his discoveries.
The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/