New vulnerability allows attackers to trick single sign on systems
Single sign on (SSO) is popular with businesses as it allows control of access to multiple resources without the need for lots of different credentials.
But researchers at Duo Security have uncovered a vulnerability that can allow attackers to trick systems based on the commonly used SAML (Security Assertion Markup Language) into giving them a higher level of access.
Armed with an existing ID and password an attacker with only moderate technical skill can fool the SAML system into authenticating as another user without needing to know that user's password. Since most corporate systems have a standard pattern for user IDs it isn't hard to find or guess other IDs, so provided you have one set of credentials to begin with -- either legitimate or gained via social engineering -- you can gain a higher level of access.
SAML is used across many different SSO systems so products affected span a number of different vendors, these include OneLogin, Clever, OmniAuth, Shibboleth and Duo Network Gateway. It's recommended that anyone relying on SAML-based SSO updates their software and patches the vulnerability.
"An attacker who exploits this vulnerability can gain access to anything that a user has access too, this could be a co-worker on your own team but could also be someone at the executive level," says Steve Manzuik, director of security research at Duo. "We've identified multiple affected vendors and patches are being released soon, we want people to update their systems. If an organization isn’t sure if it's affected it should contact the service provider it's using for SSO and see if a SAML system is involved."
You can find more detail about the vulnerability on the Duo blog.