Google closes hole in Single Sign-On service

Written by Ryan Naraine, Contributor on
Google has fixed an implementation flaw in the single sign-on service that powers Google Apps following a warning from researchers that remote attackers can exploit a hole to access Google accounts.

The vulnerability, described in this white paper (.pdf), affects the SAML Single Sign-On Service for Google Apps.

This US-CERT notice describes the issue:

A malicious service provider might have been able to access a user's Google Account or other services offered by different identity providers.

Google has addressed this issue by changing the behavior of their SSO implementation. Administrators and developers were required to update their identity provider to provide a valid recipient field in their assertions.

To exploit this vulnerability, an attacker would have to convince the user to log in to their site.

* Hat tip: Heise Security.
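The recipient field mentioned in the notice lets a relying service refuse an assertion that was issued for a different service. The following is an added example, not code from the article, the white paper or Google: a Python check that rejects a SAML 2.0 assertion unless its bearer `SubjectConfirmationData` carries a `Recipient` equal to the service's own assertion consumer URL. The URLs, function names and sample assertions are constructed for illustration, and signature verification is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
OWN_ACS_URL = "https://sp.example.com/acs"  # hypothetical: this service's own endpoint


def recipient_problems(assertion_xml, own_acs_url=OWN_ACS_URL):
    """Return reasons to reject the assertion; an empty list means the check passed.

    Assumes the XML signature was already verified and that the input was
    parsed with protections against entity expansion.
    """
    root = ET.fromstring(assertion_xml)
    bearer = [sc for sc in root.iter("{%s}SubjectConfirmation" % NS["saml"])
              if sc.get("Method") == BEARER]
    if not bearer:
        return ["no bearer SubjectConfirmation"]
    problems = []
    for sc in bearer:
        data = sc.find("saml:SubjectConfirmationData", NS)
        recipient = data.get("Recipient") if data is not None else None
        if recipient is None:
            problems.append("Recipient missing")
        elif recipient != own_acs_url:
            # Issued for another service: must not be accepted here.
            problems.append("Recipient is %r, not this service" % recipient)
    return problems


def sample_assertion(recipient):
    """Build a minimal constructed assertion; recipient=None omits the attribute."""
    attr = ' Recipient="%s"' % recipient if recipient else ""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Subject><saml:NameID>user@example.com</saml:NameID>"
        '<saml:SubjectConfirmation Method="%s">' % BEARER
        + "<saml:SubjectConfirmationData%s/>" % attr
        + "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
    )


if __name__ == "__main__":
    for r in (OWN_ACS_URL, None, "https://other.example.net/acs"):
        print(r, "->", recipient_problems(sample_assertion(r)) or "accepted")
```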
