Various single-sign-on systems can be hoodwinked to allow miscreants to log in as strangers without their password, all thanks to bungled programming. Specifically, the vulnerable authentication suites mishandle information submitted in the XML-like Security Assertion Markup Language (SAML). These weaknesses can potentially be exploited by hackers to log into systems, masquerade as other users, and access their accounts.
ORIGINAL SOURCE: The Register