O365 auth bypass

Ioannis Kakavas ikakavas at noc.grnet.gr
Thu Apr 28 04:00:57 EDT 2016

Hi Leif,

There was a vulnerability in Office 365.
I could send a "forged" SAML assertion and exploit it.
I couldn't send a forged WS-Trust token and exploit it.
I couldn't abuse the username/password authentication.

The title was intended to reflect that. ( and yes I know that "the road
to hell is paved with good intentions )


On 28/04/2016 10:48 πμ, Leif Johansson wrote:
>>> This is being misrepresented (and >dangerously so, IMHO)
>> That's an overstatement IMHO.
> Read the title out loud again and then say it isn't talking about SAML :-)

Ioannis Kakavas - ikakavas at grnet.gr
Identity and Security Engineer
GRNET Network Operations Centre
Greek Research & Technology Network - http://www.grnet.gr
56, Mesogion Av., Ampelokipi, 11527 Athens, Greece
Office: +30 2107474255

PGP Fingerprint: A5AA FB5E 740A 603B FAB1 9920 D70F 0CD5 9DE3 C262

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://shibboleth.net/pipermail/users/attachments/20160428/9f217748/attachment.sig>

More information about the users mailing list