5 Best Practices To Secure Single Sign-On Systems
CSO Online, July 14th, 2020
July 26, 2020, Volume 268, Issue 4
Don't assume that SSO is inherently secure. Follow these recommendations to prevent unauthorized access due to authentication flaws.
"The recent 'Sign in with Apple' vulnerability earned a researcher $100,000 as a part of Apple's bug bounty program. The flaw itself arose from an OAuth-style implementation that did not properly validate JSON Web Token (JWT) authentication between requests. This would have allowed a malicious actor to 'Sign in with Apple' using anyone's Apple ID..."