Season 2 · Episode 28
Code comments cause SAML conundrum. [Research Saturday]
CyberWire Daily · N2K Networks
March 24, 2018 · 19m 2s
Show Notes
Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
Kelby Ludwig is a Senior Application Security Engineer at Duo Security, and he takes us through his discoveries.