Skip to main content

Researchers find serious flaws in Single Sign On (SSO) services

posted onMarch 21, 2012
by l33tdawg

Researchers at Microsoft and Indiana University have uncovered some serious security flaws in Web-based single sign-on (SSO) services that could allow access to users accounts. Citing poor integration by website developers, the report states that a lack of end to end security checks is the main reason for the issue. 

"In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille,, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways," the researchers wrote in their report. Although the flaws have been fixed by the affected companies, “this study shows that the overall security quality of SSO deployments seems worrisome”, they noted.



Security Microsoft Web

You May Also Like

Recent News

Tuesday, March 20th

Monday, March 19th

Friday, March 16th

Thursday, March 15th

Wednesday, March 14th

Tuesday, March 13th