Monday, November 27, 2017

Ever Heard of "Golden SAML"? It Is a Technique for Compromising SAML-Based SSO


The prerequisites for this are heavy; however, the returns could be great for the hackers.


It could allow an attacker to fake enterprise user identities and forge authentication to gain access to valuable cloud resources in a federation environment.

“Golden SAML poses serious risk because it allows attackers to fake an identity and forge authentication to any cloud app (Azure, AWS, vSphere, etc.) that supports SAML authentication. Using this post-exploit technique, attackers can become any user they want to be – with the highest level of privileges – and gain approved, federated access to a targeted app,” researchers wrote.

The prerequisites of such attacks, however, are considerable. Among other things, hackers will need the private key that signs the SAML objects, an Active Directory Federation Services user account, token-signing private key, an identity provider (IdP) public certificate and an IdP name.
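Because the forged assertion is signed with the stolen key rather than issued by the IdP, a login accepted by a cloud app has no matching issuance record on the IdP side. The following detection sketch is an added example, not code from the researchers or the linked article; it assumes both sides log an assertion identifier, and the field names, the five-minute validity window and all records are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are hypothetical, not a real log schema.
IDP_ISSUED = [  # assertions the IdP recorded as issued
    {"assertion_id": "_a1", "user": "alice@example.com", "issued": "2017-11-27T09:00:05"},
    {"assertion_id": "_b2", "user": "bob@example.com", "issued": "2017-11-27T09:10:00"},
    {"assertion_id": "_c3", "user": "carol@example.com", "issued": "2017-11-27T09:20:00"},
]
SP_LOGINS = [  # SAML logins the service provider accepted
    {"assertion_id": "_a1", "user": "alice@example.com", "time": "2017-11-27T09:00:07"},
    {"assertion_id": "_zz", "user": "admin@example.com", "time": "2017-11-27T09:30:00"},
    {"assertion_id": "_b2", "user": "admin@example.com", "time": "2017-11-27T09:10:03"},
    {"assertion_id": "_c3", "user": "carol@example.com", "time": "2017-11-27T13:00:00"},
]


def find_unbacked_logins(sp_logins, idp_issued, max_age=timedelta(minutes=5)):
    """Return (assertion_id, user, reason) for SP logins the IdP cannot account for."""
    issued = {rec["assertion_id"]: rec for rec in idp_issued}
    findings = []
    for login in sp_logins:
        aid, user = login["assertion_id"], login["user"]
        rec = issued.get(aid)
        if rec is None:
            # Accepted by the SP, but the IdP never issued it.
            findings.append((aid, user, "no IdP issuance record"))
            continue
        if rec["user"] != user:
            findings.append((aid, user, "subject differs from IdP record"))
            continue
        age = datetime.fromisoformat(login["time"]) - datetime.fromisoformat(rec["issued"])
        if age < timedelta(0) or age > max_age:
            findings.append((aid, user, "used outside validity window"))
    return findings


if __name__ == "__main__":
    for finding in find_unbacked_logins(SP_LOGINS, IDP_ISSUED):
        print(finding)
```
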

For More
https://threatpost.com/saml-post-intrusion-attack-mirrors-golden-ticket/128993/
