
Researchers find serious flaws in Single Sign On (SSO) services

Posted on March 21, 2012
by l33tdawg

Researchers at Microsoft and Indiana University have uncovered serious security flaws in Web-based single sign-on (SSO) services that could allow access to users' accounts. The report cites poor integration by website developers and states that a lack of end-to-end security checks is the main reason for the issue.

"In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways," the researchers wrote in their report. Although the flaws have been fixed by the affected companies, "this study shows that the overall security quality of SSO deployments seems worrisome", they noted.
