genew@telus.net
Date: Wed, 28 Feb 2018 08:50:15 -0800
[Bonus risk included! (The headline states that the bug was in the protocol,
but it is actually in the implementation.)]
Zack Whittaker for Zero Day, 27 Feb 2018 http://www.zdnet.com/article/saml-protocol-bug-puts-single-sign-on-accounts-at-risk/
A validation bug in how some single sign-on products implemented an open authentication standard could have allowed an attacker to log in to a site or service as though they were the victim they were targeting.
selected text:
But this new vulnerability lets an attacker take the authenticated response to a login request and switch a portion with an attacker's information instead.
That means an attacker can log in as though they were the victim they were targeting.
The exploit works by modifying the response once a username and password have
been verified. It then sends a message back to the user's browser to log
them in. If an attacker modifies the response, the validating signature is
also meant to change -- but if the signatures aren't properly checked, the
system is none the wiser.

Duo researchers said the results of the attack "varies greatly" between
services at risk by the bug.
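An added illustration of the validation failure the article describes (example code, not from the article or from Duo's research): a service provider that reads the identity out of a signed response without first confirming the signature covers exactly what it read, beside one that rejects the response when the signature no longer matches. An HMAC over the assertion bytes stands in for a real XML signature; the key, the minimal XML and the NameID values are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed signing key; a real IdP would use an asymmetric XML-DSig key.
IDP_KEY = b"constructed-idp-signing-key"


def sign_assertion(assertion: str) -> str:
    """Signature the identity provider attaches to the assertion bytes."""
    return hmac.new(IDP_KEY, assertion.encode(), hashlib.sha256).hexdigest()


def build_response(name_id: str) -> dict:
    """What the IdP returns after username and password are verified."""
    assertion = f"<Assertion><Subject><NameID>{name_id}</NameID></Subject></Assertion>"
    return {"assertion": assertion, "signature": sign_assertion(assertion)}


def tampered_copy(response: dict, new_name_id: str) -> dict:
    """The scenario in the article: the NameID is swapped, the old signature kept."""
    assertion = re.sub(r"<NameID>[^<]+</NameID>",
                       f"<NameID>{new_name_id}</NameID>", response["assertion"])
    return {"assertion": assertion, "signature": response["signature"]}


def extract_name_id(assertion: str) -> str:
    m = re.search(r"<NameID>([^<]+)</NameID>", assertion)
    if not m:
        raise ValueError("no NameID in assertion")
    return m.group(1)


def verify_signature(response: dict) -> bool:
    """Recompute the signature over the exact bytes the identity is read from."""
    expected = sign_assertion(response["assertion"])
    return hmac.compare_digest(expected, response["signature"])


def vulnerable_login(response: dict) -> str:
    # Trusts the NameID without checking that the signature still covers it.
    return extract_name_id(response["assertion"])


def hardened_login(response: dict) -> str:
    # Verify first, then read the identity from the same verified bytes.
    if not verify_signature(response):
        raise ValueError("signature does not match assertion; login rejected")
    return extract_name_id(response["assertion"])
```

The same ordering matters with a real XML signature: verify the signature, then take the subject only from the verified element, never from a separately parsed copy.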