Security News > 2024 > November > Cross-IdP impersonation bypasses SSO protections

Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity provider (IdP) – is expected to gain popularity with attackers, according to Push Security researchers. What is cross-IdP impersonation? Cross-IdP impersonation exploits a flaw in SSO configurations by allowing attackers to create fraudulent IdP accounts matching an organization’s domain, which are then used to access … More → The post Cross-IdP impersonation bypasses SSO protections appeared first on Help Net Security.

News URL

https://www.helpnetsecurity.com/2024/11/19/cross-idp-impersonation/