Skip to content

Latest commit

 

History

History
65 lines (37 loc) · 2.5 KB

ReadMe.md

File metadata and controls

65 lines (37 loc) · 2.5 KB

Single Sign On

Single sign on contains OAuth, Saml, Open ID Connect. OAuth is used by many companies for authorization and authentication purposes. Some of the applications don’t implement OAuth specifications correctly.

UsageOfOauth

OAuth 2.0 Authorization Code Flow

In the below uml diagram, authorization code flow is drew.

OauthFlow

Vulnerable SSO Project

Vulnerable SSo is focused on single sign on related vulnerabilities. If you want to learn, you should check this and contribute this project.

VulnSSO tool is focused on sso attacks. Nowadays most of the company uses their own implementation for sso solutions. Some of the bug hunters found really good vulnerability on the big company. There are some tools(dvwa and others .. ) that contains vulnerability. They don't have any support for sso vulnerability.

Our focus is only sso related bugs. VulnSSO is training tool.It will contain redirect uri vulnerability , XXE on saml request and many others.

Vuln SSO project has three app.

  • Client App
  • Authentication Server
  • Resource Server

Client App

This application is used for starting point. It redirects user to authentication server.If end user enters right credentials authentication server redirect user to client app again.

Authentication Server

Authentication app is main point of this project.It has login page. This page contains user and password field. Redirected user enters credentials and authentication server checks it. Spring security has static inmemory feature. This feature accept hardcoded username and password. For this reason there is no database integration in this project.

Resource Server

This part main page of application for authenticated users. After authentication process, user will redirect this page.

In this below image, common vulnerabilities are explained.

OauthFlow

Incoming Vulnerability

  • CSRF for state paratemeter
  • XSS For SPA Application
  • CSRF for token storage issue on SPA side. Leakage of same site cookie ,X-CSRF token

Related Bug Bounty

References