CVE-2018-0486 Staying alert with your single sign-on application especially IDP vulnerability

CVE-2018-0486: Shibboleth(SAML IDP) open source vulnerability is currently awaiting analysis. For more details, see below url for reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-0486

During my penetration test engagement in past. I was surprised that no matter airline , financial and retail industries web online application solutions are deployed open source single-sign on resources. An incident occurred in Equifax which awaken the business world that open source application has potential inherent risk. It will jeopardize your firm reputation. It looks that a very popular SAML IdP open source has vulnerability occurs. What is your comment? Remark: You can also find the details on attached picture diagram.

One thought on “CVE-2018-0486 Staying alert with your single sign-on application especially IDP vulnerability”

Comments are closed.