Security "Bits"

Some cures are worse than the disease...

By Anurag Kahol | March 1, 2018 at 1:39 PM


SAML Single-Sign-On is an excellent first step in improving the security of your cloud applications.  But the cure may be worse than the disease, depending on which SSO solution you use.

Duo Security posted a newly disclosed SAML vulnerability allows attackers to fool single sign-on systems and authenticate themselves as other users.   Tech Target reports

The flaw in SAML (Security Assertion Markup Language), an open standard protocol for identity and access management, was discovered by multifactor authentication provider Duo Security, Inc., which found the vulnerability in one of its own products as well as five other products from different vendors. According to Duo Security, the SAML vulnerability allows a threat actor who already has authenticated access in a single sign-on (SSO) system to authenticate as another user without that individual's SSO password.

Kelby Ludwig, senior application security engineer at Duo Security, discovered the SAML vulnerability in the Duo Network Gateway while conducting an internal product review. Soon after, he found the flaw lurking in other SSO products from OneLogin, Clever, OmniAuth and Shibboleth.

Bitglass customers who use our native SAML SSO need not worry.  Our solution is not based on this library and is not susceptible to the vulnerability.

Bitglass is the only CASB that includes SAML SSO.  Get a free trial of the Bitglass Next-Gen CASB today!



see all