this post was submitted on 12 Dec 2025
9 points (100.0% liked)

blueteamsec

566 readers
24 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
9
The Fragile Lock: Novel Bypasses For SAML Authentication (portswigger.net)
submitted 22 hours ago by digicat to c/blueteamsec
1 comments fedilink hide all child comments
top 1 comments
sorted by: hot top controversial new old
[–] moonpiedumplings@programming.dev 3 points 20 hours ago

This post is a pretty good overview of why oauth2/openid are more popular.

Not to say that oauth/openid have never ever had vulnerabilities of their own, but there is a big difference between "accept these configurations" and what saml is, which is "parse this xml".