Loading…
Welcome to OWASP AppSec 2018 USA we look forward to seeing you in San Jose, CA
View analytic
Thursday, October 11 • 11:45am - 12:20pm
Identity Theft: Attacks on SSO Systems

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
SAML is often the trust anchor for Single Sign-On (SSO) in most modern day organizations. This presentation will discuss a new vulnerability discovered which has affected multiple independent SAML implementations, and more generally, can affect any systems reliant on the security of XML signatures. The issues found through this research affected multiple libraries, which in turn may underpin many SSO systems.



The root cause of this issue is due to the way various SAML implementations traverse the XML DOM after validating signatures. These vulnerabilities allow an attacker to tamper with signed XML documents, modifying attributes such as an authenticating user, without invalidating the signatures over these attributes. In many cases, this allows an attacker with authenticated access to a SAML Identity Provider to access services as an entirely different user - and more easily than you’d expect.



This talk will also discuss another demonstrated class of vulnerabilities in user directories that amplify the impact of the previously mentioned vulnerability, and in some cases, can enable authentication bypasses on their own.

Speakers
avatar for Kelby Ludwig

Kelby Ludwig

Principal AppSec Engineer, Duo


Thursday October 11, 2018 11:45am - 12:20pm
Regency 1
  • NEW FIELD 1 Track 1

Attendees (55)