![Research Saturday 3.24.18](/images/social-media/2018/03/cw-research-saturday-032418-690.jpg)
Code comments cause SAML conundrum.
Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
Kelby Ludwig is a Senior Application Security Engineer at Duo Security, and he takes us through his discoveries.