SS-Oh No!

Track 1 - Jungle

Thu, 30 Jun 2022 @ 12:05:00

In this day and age, almost every enterprise uses Single Sign-On (SSO) services. COVID lockdowns and other trends, such as shifting to the cloud, made it a de facto must. Sadly, we found that people often forget it is a public-facing webpage and expose sensitive data in these portals. We will share how we stumbled upon a scalable way to find such pages, common implementation and configuration errors, and potential mitigations.