The Postman: a Journey of Ethical Hacking in PosteID/SPID Borderland
This paper presents a vulnerability assessment activity that we carried out on PosteID, the implementation of the Italian Public Digital Identity System SPID by Poste Italiane. The activity led to the discovery of a critical privilege escalation vulnerability, which was eventually patched. The...