Google closes hole in Single Sign-On service

Google plugs Single Sign-On HoleGoogle has fixed an implementation flaw in the single sign-on service that powers Google Apps follow a warning from researchers that remote attackers can exploit a hole to access Google accounts.

The vulnerability, described in this white paper (.pdf), affects the SAML Single Sign-On Service for Google Apps.

This US-CERT notice describes the issue:

A malicious service provider might have been able to access a user’s Google Account or other services offered by different identity providers.

Google has addressed this issue by changing the behavior of their SSO implemenation. Administrators and developers were required to update their identity provider to provide a valid recipient field in their assertions.

To exploit this vulnerability, an attacker would have to convince the user to login to their site.* Hat tip: Heise Security.

[Source: zdnet]