Microsoft Patches Office 365 Platform Against SAML Exploit

Status
Not open for further replies.
A

Alkajak

Thread author
Microsoft Patches Office 365 Platform Against SAML Exploit

Within seven hours of being notified of a serious authentication bypass flaw in its SAML system for the Office 365 platform, Microsoft issued a temporary patch and started work on a permanent fix to address the issue, two security researchers have revealed today.

SAML is short for Security Assertion Markup Language, an XML-based standard that governs how two parties talk to each other for the purpose of authenticating and authorizing users to access various resources.

At Microsoft, SAML is used to handle user identities across the Office 365 platform. SAML allows a company that is hosting a domain on the platform (like office-services.company.com) to authenticate users based on their identities, which can often be shared between multiple domains.

Two security researchers, Klemen Bratec and Ioannis Kakavas, discovered last December that Microsoft's SAML Service Provider implementation was vulnerable to an authentication bypass that allowed attackers to authenticate on the service and access a victim's data, on all shared domains.

The vulnerability was easy to exploit
The vulnerability's details have been explained by both researchers on their blogs, but the concept is simple. An attacker who has a domain hosted on the Office 365 platform can add email accounts to their domain from an organization they want to hack into.

When logging in, the researchers say that an exploit allowed them to fool the platform and allow an attacker to authenticate and then access the other domain instead.

Worse is that the exploit seems to allow access to resources that were not using SAML as their login solution. This included organizations that had deployed ActiveDirectory-based federated logins as well.

Researchers said the flaw could have been used by an attacker to log into the Office 365 platforms for some of Microsoft's clients such as British Airways, Japan Airlines, Aston Martin, IBM, Intel, Cisco, Pricewaterhouse Coopers (PwC), Verizon, Vodafone, Pfizer, and multiple universities across the US.
 
  • Like
Reactions: Tony Cole
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top