
4 matches found

The Hacker News
added 2024/02/29 3:21 p.m., 47 views

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...

7.5 AI score
Exploits: 0
Qualys Blog
added 2022/01/05 12:29 p.m., 21 views

Mitigation of Supply Chain Risks in Microsoft 365

In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...

0.4 AI score
Exploits: 0
Kitploit
added 2018/01/06 8:45 p.m., 21 views

shimit - A tool that implements the Golden SAML attack

shimit is a Python tool that implements the Golden SAML attack. More information on this can be found in the following article on our blog. python .\shimit.py -h usage: shimit.py -h -pk KEY -c CERT -sp SP -idp IDP -u USER -reg REGION --SessionValidity SESSIONVALIDITY --SamlValidity SAMLVALIDITY ...

7.5 AI score
Exploits: 0, References: 1
CNVD
added 2016/06/28 12:0 a.m., 7 views

Unspecified vulnerability in RubyGems ruby-saml

RubyGems ruby-saml is a SAML (Security Assertion Markup Language) development toolkit for the Ruby on Rails framework, distributed through RubyGems. A security vulnerability exists in RubyGems ruby-saml versions prior to 1.3.0. An attacker could exploit this vulnerability to perform an XML signatur...

7.5 CVSS, 6.8 AI score, 0.01208 EPSS
Exploits: 0, References: 1