The presentation discusses two new techniques for attacking Single-Sign On (SSO) bugs in authentication tokens, focusing on vulnerabilities found in the .NET framework.
- Authentication tokens are used in SSO to delegate authentication to an identity provider
- The presentation focuses on step six of the authentication process, where the service provider receives the authentication token
- Two attack vectors are presented: injection vulnerabilities in token parsing and bypassing signature verification
- Two vulnerabilities in the .NET framework are discussed: an injection vulnerability leading to a betrayal constructor invocation and an XML signature bypass using duty confusion
- The presentation recommends patching and following Microsoft recommendations for the CVE
The presentation mentions that the team found an XML signature bypass vulnerability in the .NET framework that affected many Microsoft products. They reported it to Microsoft and it was patched, but there may be other vulnerabilities that have not been discovered yet.