Klemen / bratec.si

Ramblings about software development, IT and security.

The road to hell is paved with SAML assertions

A vulnerability in the Microsoft Office 365 SAML Service Provider implementation allowed a cross-domain authentication bypass affecting all federated domains. An attacker exploiting this vulnerability could gain unrestricted access to a victim's Office 365 account, including access to their email, files stored in OneDrive, etc.
Klemen Bratec on Security