Enterprises could be exposing themselves to by increasingly relying on single sign-on (SSO) according to a new report from Doyensec, in collaboration with Teleport.
Although sold by identity providers (IdPs) for their convenience and security, SSO solutions can amplify the impact of breaches. The research shows these impacts can be significantly mitigated once additional layers of security are placed between the IdP and the linked applications and services.
“No SSO provider should be assumed to be secure,” says Ev Kontsevoy, CEO at Teleport. “With SSO, if one individual’s identity is compromised, you could be handing over the master key to the castle. SSO does offer considerable convenience, but unauthorized access to one individual’s credentials exposes every platform and service for which that individual has privileges. Without additional defense in place, SSO by itself does not thwart identity-based attacks.”
Teleport worked with Doyensec to simulate IdP attack vectors ranging from full IdP compromise (affecting all IdP customers) to compromise of an IdP instance (affecting a specific company) through both privileged or unprivileged users. The latter is more common, with entry patterns used by attackers including social engineering, broad-based or spear phishing campaigns, bribing employees for 2FA codes, prompt-bombing, credential stuffing, session hijacking, password spraying, and access token leakage.
The potential impact of IdP compromise can include the theft of application and user data, impersonation of non-privileged and privileged users, spying on users and activity, downgrading of service provider security, and creation of new users and credentials.
“What’s clear is that vulnerabilities in SSO and IdP platforms can have catastrophic impacts,” says Luca Carettoni, CEO at Doyensec. “Applying a defense-in-depth security layer on top of service providers can significantly limit the outcomes of a successful SSO provider compromise and reduce the impact against the protected infrastructure. The configuration of the defense-in-depth layer is extremely important to a company’s overall defense posture.”
You can read more in a whitepaper available from the Teleport site.
Image credit: IgorVetushko/depositphotos.com
