khoadha

2 posts published

CVE-2022-47966 SAML ShowStopper

1. IntroductionSAML(Security Assertion Markup Language) & OIDC (OpenID Connect) is the two main SSO (Single-Sign-On) standards. While OIDC is more popular, SAML is mostly used by enterprise organization to authenticate employee. SAML depends on XML signatures & XML Encryption to check if the message come from identity provider (IdP)

Researches

CVE-2022-0540 - Authentication bypass in Seraph

1. ForewordSorry for the late writeup. When the Advisory for CVE-2022-0540 was released, some of my reports were triaged and I was hyped. But later, I lost motivation to complete this write up because all of those reports were marked as out of scope, not eligible for a bounty and