none
SAML - dubbed 'dupe key confusion,' - Info request RRS feed

  • Question

  • Hi,

    I heard about about an issue 

    SAML authentication bypass threatens Microsoft
    Presented in Black Hat 2019 (August)
    Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation.

    Can anyone provide me official comments (and eventual mitigation) from Microsoft about this?

    Thanks,

    JD

    Monday, September 9, 2019 10:17 AM

Answers