Researchers at Microsoft and Indiana University recently uncovered security flaws in Web-based single sign-on (SSO) services that could allow hackers to access users' accounts.
"A report [PDF file] prepared by the researchers cited poor integration by website developers of the application programming interfaces and a lack of end-to-end security checks as the reasons for the flaws," Infosecurity reports.
"'In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways,' the researchers wrote in their report," the article states.
Go to "Researchers discover flaws in SSO that leave websites vulnerable" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.