On this episode of Pentesters Chat, our team explores single sign-on (SSO). The testers debate the good and the bad that comes with SSO, like:
- Improved user experience from only needing to log in once to access multiple applications and services.
- Credential stuffing after a user's credentials are compromised, where attackers can potentially use these creds to attempt unauthorized access to other services.
- Centralized access control for administrators to manage user access to multiple applications from a single point.
- Account takeover via identity provider (IdP) misconfiguration, which could allow an attacker to take over accounts or impersonate legitimate users.
On this episode from the Sprocket Team:
Ron Edgerson, Nate Fair