SAML authenticators should update to patched versions: The flaw has been addressed through patches in samlify versions 2.10.0 and later.

Researchers have recommended that systems using SAML authentication update to a fixed version and ensure “secure SSO flows: implement HTTPS and avoid untrusted sources for SAML flows.”

SAML-powered SSO supports a range of use cases: enterprise applications, SaaS integrations with identity providers like Okta or Azure AD, federated identity across organizations, and developer platforms needing secure user authentication. A full authentication bypass through this flaw could enable attackers to gain access to sensitive resources, private data, or privileged actions under the impersonated identity.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3993262/samlify-bug-lets-attackers-bypass-single-sign-on.html

