Search Constraints
Filtering by:
Creator / Contributor
Tommaso Innocenti
Remove constraint Creator / Contributor: Tommaso Innocenti
1 entry found
Number of results to display per page
Search Results
-
- Description:
- Single Sign-On (SSO) is an authentication process that allows users to access multiple services with a single set of login credentials. Although SSO improves the user experience, it poses challenges to developers to implement complex authentication protocols securely. External services, called brokers, simplify the integration of SSO. In this paper, we shed light on the emerging brokered SSO ecosystem, focusing on the security of the newly introduced actor, the broker. We systematically evaluate the landscape of brokered SSO, uncovering significant blind spots in previous research. Our study reveals that 25% of the websites with SSO integrate brokers for authentication, an area that has not been covered by any previous research. Through our comprehensive security evaluation, we identify three categories of threats associated with brokered SSO: (1) insufficient validation of redirect chains enabling injection attacks, (2) unauthorized data access enabling account takeovers, and (3) violations of security best current practices. We expose vulnerabilities in over 50 brokers, compromising the security of more than 2k websites. These findings represent only a lower bound of a critical situation, underscoring the urgent need for improved security measures and protocols to safeguard the integrity of brokered SSO systems.
- Keyword:
- Single Sign-On and Identity Broker
- Subject:
- IT Security, Single Sign-On, Authorization and Authentication, and Identity Brokers
- Publisher:
- Language:
- English
- Date Uploaded:
- 2024-10-02
- Date Modified:
- 2024-10-08
- License:
- MIT License
- Resource Type:
- Dataset