Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity provider (IdP) – is expected to gain popularity with attackers, according to Push Security researchers. What is cross-IdP impersonation? Cross-IdP impersonation exploits a flaw in SSO configurations by allowing attackers to create fraudulent IdP accounts matching an organization’s domain, which are then used to access … More
The post Cross-IdP impersonation bypasses SSO protections appeared first on Help Net Security.
