This blog post will describe a class of vulnerability detected in several SSO services assessed by NCC Group, specifically affecting Security Assertion Markup Language (SAML) implementations. The flaw could allow an attacker to modify SAML responses generated by an Identity Provider and thereby gain unauthorized access to arbitrary user accounts or escalate privileges within an application.
Exploit techniques:
• Attribute injections – where the injection occurs in a SAML attribute associated with the account in the Identity Provider.
• InResponseTo injections – where the injection affects the “InResponseTo” attribute of the SAML response.
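The two injection points above, seen from the Identity Provider side, as an added example that is not code from the NCC Group post or from any assessed product. It assumes the response is assembled by string templating; the function names, the "email" attribute and the sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# ASCII subset of the xs:ID syntax that a request ID must follow.
REQUEST_ID = re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]*")

def build_unsafe(in_response_to, email):
    """Weak pattern: both values are pasted into the markup unescaped."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'InResponseTo="{in_response_to}"><saml:Assertion>'
            f'<saml:AttributeStatement><saml:Attribute Name="email">'
            f'<saml:AttributeValue>{email}</saml:AttributeValue>'
            f'</saml:Attribute></saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

def build_safe(in_response_to, email):
    """Hardened pattern: validate the request ID, let the XML API escape text."""
    if not REQUEST_ID.fullmatch(in_response_to):
        raise ValueError("InResponseTo is not a valid request ID")
    resp = ET.Element(f"{{{SAMLP}}}Response", {"InResponseTo": in_response_to})
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion")
    stmt = ET.SubElement(assertion, f"{{{SAML}}}AttributeStatement")
    attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", {"Name": "email"})
    # Assigning .text stores the value as character data, never as markup.
    ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = email
    return ET.tostring(resp, encoding="unicode")

def attributes(xml_text):
    """What a Service Provider's parser would read out of the response."""
    root = ET.fromstring(xml_text)
    return [(a.get("Name"),
             [v.text for v in a.findall(f"{{{SAML}}}AttributeValue")])
            for a in root.iter(f"{{{SAML}}}Attribute")]

# Constructed profile value: a user-editable field that contains markup.
HOSTILE = ('a@example.test</saml:AttributeValue></saml:Attribute>'
           '<saml:Attribute Name="role"><saml:AttributeValue>admin')

if __name__ == "__main__":
    print("templated:", attributes(build_unsafe("_req1", HOSTILE)))
    print("xml api  :", attributes(build_safe("_req1", HOSTILE)))
```

Because the Identity Provider signs the response after it is built, the extra attribute in the templated version arrives at the Service Provider under a valid signature; the fix has to be in how the document is constructed, not in signature checking.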
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...