Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.

A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems relying on Security Assertion Markup Language (SAML) and authenticate as another user without knowing his or her password. Duo Security’s Duo Labs discovered the flaw and coordinated with the CERT/CC on disclosures from the affected vendors, which include Duo Security. The CERT/CC published an advisory on the flaw today.
ORIGINAL SOURCE: Dark Reading