Single Sign-On (SSO) is an authentication process that allows users to access multiple services with a single set of login credentials. Although SSO improves the user experience, it challenges developers to implement complex authentication protocols securely. External services, called brokers, simplify the integration of SSO.
In this paper, we shed light on the emerging brokered SSO ecosystem, focusing on the security of the newly introduced actor, the broker. We systematically evaluate the landscape of brokered SSO, uncovering significant blind spots in previous research. Our study reveals that 25% of the websites with SSO integrate brokers for authentication, an area that has not been covered by any previous research.
Through our comprehensive security evaluation, we identify three categories of threats associated with brokered SSO: (1) insufficient validation of redirect chains enabling injection attacks, (2) unauthorized data access enabling account takeovers, and (3) violations of security best current practices.
We expose vulnerabilities in over 50 brokers, compromising the security of more than 2k websites. These findings represent only a lower bound of a critical situation, underscoring the urgent need for improved security measures and protocols to safeguard the integrity of brokered SSO systems.
The CRC 1280 investigates extinction learning
We can easily learn and store new information. However, we are equally able to learn that once acquired information is no longer valid, and cease to respond to it. While the initial acquisition of knowledge is well studied, the process of extinction is far less understood.
Extinction involves both forgetting and a new learning process that is different from, and far more complex than, the initial learning event. Extinguished responses do not simply disappear but can return under diverse conditions – potentially turning them into invasive components of psychopathological conditions. Despite its relevance, the behavioral, neural, and clinical aspects of extinction are far from understood.
Our Collaborative Research Center CRC 1280 aims to study the neural, behavioral, ontogenetic, educational, and clinical mechanisms of extinction in various species, including humans. The diversity of our approaches at the systems and at the methodological level is combined with a high level of homogeneity at structural, experimental, technical, and conceptual levels: At the structural level, all neurobiological and clinical groups concentrate on a network of anatomical structures that are core constituents of extinction learning. At the experimental design level, most studies utilize similar approaches to maximize transfer of data and knowledge between research groups. In addition, wherever possible, experimental projects utilize causal manipulations to achieve mechanistic insights.