This past week, a new attack was discovered that exploits commonly used Security Assertion Markup Language (SAML) implementations. An attacker could modify SAML content without invalidating the cryptographic signature, thereby bypassing authentication and assuming the role of an authenticated user.