How a SAML Flaw Bypasses Passwords Using Single Sign-On
A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems that rely on Security Assertion Markup Language (SAML) and authenticate as another user without knowing that user's password. The first step of SSO authentication takes place at the Identity Provider (IdP), which checks usernames and passwords, verifies account status, and prompts for two-factor authentication. The [...]