Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps
A new technique called “Golden SAML” lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) to authenticate users to cloud services.
Golden SAML is not a tool that hackers can use to break into secure enterprises; it is a technique used after an attacker has already compromised a company.
The name of this technique was not chosen at random: it is a variation of the “Golden Ticket” attack, also known as Pass-the-Ticket. Discovered and detailed by Benjamin Delpy, the author of the Mimikatz tool, the Golden Ticket attack relies on an attacker compromising a Kerberos server and using it to forge authentication tickets for apps that rely on that server for authentication.