A Breakdown of the New SAML Authentication Bypass Vulnerability

Several weeks ago, a new critical vulnerability was discovered that affects many SAML implementations. This vulnerability was first reported by Kelby Ludwig of Duo Security and is particularly interesting to us (as a user management company) because it can be used to bypass authentication in a sinisterly simplistic way.

In this post, we’ll take an in-depth look at this new SAML vulnerability, what it is, how it works, and what you need to know to protect yourself.

NOTE: Just in case you’re wondering whether or not Okta is vulnerable to this new issue: we aren’t >;)

