SAML flaw allows attackers
Cybersecurity firm Duo Labs has uncovered a serious flaw that affects SAML single sign-on systems. The SAML flaw allows attackers to authenticate as another user without that person’s SSO password.
SAML (Security Assertion Markup Language) is an XML framework used for exchanging data between authentication and authorization parties. SAML is used in single sign-on (SSO) solutions that allow users to log into accounts using one single identity. When users try to log into other enterprise apps, those apps make requests to the local SSO server via SAML.
SAML-based SSO operations
According to Duo Labs, the flaw affects various SSO software and several open-source libraries meant to support SAML-based SSO operations.
The flaw lies in how the response is handled once a username and password have been checked: the identity provider then sends a signed message to the user’s browser to log them in. If an attacker alters that response, the signature it carries no longer matches, but if the signature isn’t properly checked, the framework is unaware of the change. The results of the attack differ between the services endangered by the bug.
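The trust logic described above, as an added example that is not from the original article or from Duo Labs: a service provider that reads the NameID without verifying the signature accepts a tampered response, while one that verifies first and reads the NameID from the verified bytes rejects it. Real SAML uses XML-DSig (RSA or ECDSA over a canonicalized subtree); the HMAC over raw bytes, the key and the sample assertion here are constructed stand-ins.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed stand-in for the IdP's signing key (real SAML uses XML-DSig with
# public-key signatures; HMAC keeps the same accept/reject logic in a few lines).
IDP_KEY = b"constructed-idp-signing-key"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sign_assertion(assertion_xml: bytes) -> dict:
    """IdP side: return the assertion bytes together with a signature over them."""
    sig = hmac.new(IDP_KEY, assertion_xml, hashlib.sha256).hexdigest()
    return {"assertion": assertion_xml, "signature": sig}

def name_id(assertion_xml: bytes) -> str:
    """Extract the subject identifier the SP would log in as."""
    root = ET.fromstring(assertion_xml)
    return root.find("saml:Subject/saml:NameID", NS).text.strip()

def login_unchecked(response: dict) -> str:
    """Weak SP: trusts the NameID without verifying the signature at all."""
    return name_id(response["assertion"])

def login_checked(response: dict):
    """Hardened SP: verify the signature first, then read the NameID from the
    exact bytes that were verified. Returns None when verification fails."""
    expected = hmac.new(IDP_KEY, response["assertion"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["signature"]):
        return None
    return name_id(response["assertion"])

def demo() -> dict:
    # Constructed assertion issued by the IdP for a legitimately logged-in user.
    issued = sign_assertion(
        b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        b'<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
        b'</saml:Assertion>'
    )
    # A response altered in transit: the NameID changes, the old signature does not.
    forged = dict(issued, assertion=issued["assertion"].replace(b"alice@", b"admin@"))
    return {
        "unchecked_accepts_forgery": login_unchecked(forged),
        "checked_rejects_forgery": login_checked(forged),
        "checked_accepts_genuine": login_checked(issued),
    }

if __name__ == "__main__":
    print(demo())
```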
The main condition for an attacker to exploit this flaw is having a registered account on the victim’s network. With that account, the attacker can query the SAML provider and forge requests to trick SAML frameworks into authenticating as a different user.
Duo Labs researchers say they identified SSO vendors vulnerable to such attacks, along with vendors that used libraries to parse SAML’s XML-based authentication requests. However, the flaw doesn’t affect all SAML-based SSO providers. SAML providers (both identity and service) are very configurable, so the impact may increase or decrease.
Cybersecurity researchers suggest that network admins configure trusted email address domain names to limit who can register on the network. However, this is not a reliable protection measure, and a determined attacker will find a way around it.