18 votes

How I hacked my company's SSO provider

5 comments

  1.
    pete_the_paper_boat

    The email field was uneditable on purpose to prevent users from changing the email to anything besides the company-owned email address.

    Don't tell me they lack input validation on the backend-

    And it worked!

    sigh

    20 votes
    1. mattsayar

      Yeah, they really just disabled the input and called it a day. To do that during development... ok. For it to pass a code review is unacceptable.

      10 votes
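The flaw the two comments above describe, as an added example (not code from the linked post, from this thread, or from the SSO vendor): a profile-update endpoint that lets through a field the HTML merely marked `disabled`, next to one that enforces the rule on the server. The session store, user record, company domain and field names are constructed for the simulation; nothing here talks to a real SSO provider.

```javascript
// Added example, not code from the linked post or from this thread. Models the
// flaw the commenters describe: the email input is only `disabled` in the
// browser, and the profile-update endpoint trusts whatever body it receives.
// All names, records and the company domain below are constructed.

const COMPANY_DOMAIN = 'example.com';   // assumption: only this domain is allowed

// What a browser does with a form: disabled controls are simply not submitted.
// Deleting the `disabled` attribute in dev tools turns the field back on.
function serializeForm(fields) {
  const body = {};
  for (const f of fields) {
    if (f.disabled) continue;
    body[f.name] = f.value;
  }
  return body;
}

// Constructed server-side state: session -> user, plus the user record.
function makeStore() {
  return {
    sessions: new Map([['sess-1', { userId: 42 }]]),
    users: new Map([[42, { id: 42, email: 'alice@example.com', displayName: 'Alice' }]]),
  };
}

// Vulnerable handler: "disabled on the client" is the only control on the
// email, so every field present in the body is copied onto the user record.
function updateProfileVulnerable(store, sessionId, body) {
  const session = store.sessions.get(sessionId);
  if (!session) return { status: 401 };
  const user = store.users.get(session.userId);
  Object.assign(user, body);
  return { status: 200, user: { ...user } };
}

// Hardened handler: an explicit allowlist of editable fields. Anything else
// (email included) is rejected rather than silently ignored, so tampering
// shows up in logs. The email is owned by the server, never read from the body.
const EDITABLE_FIELDS = new Set(['displayName']);

function updateProfileHardened(store, sessionId, body) {
  const session = store.sessions.get(sessionId);
  if (!session) return { status: 401 };
  const unexpected = Object.keys(body).filter(k => !EDITABLE_FIELDS.has(k));
  if (unexpected.length > 0) {
    return { status: 400, error: `unexpected field(s): ${unexpected.join(', ')}` };
  }
  const user = store.users.get(session.userId);
  if ('displayName' in body) {
    const name = body.displayName;
    if (typeof name !== 'string' || name.length === 0 || name.length > 100) {
      return { status: 400, error: 'invalid displayName' };
    }
    user.displayName = name;
  }
  return { status: 200, user: { ...user } };
}

// Independent second layer for any path that legitimately sets an email
// (provisioning from the identity provider, an admin tool): the domain rule
// belongs on the server no matter what the form allows.
function isCompanyEmail(email) {
  const m = /^[^\s@]+@([^\s@]+)$/.exec(String(email));
  return m !== null && m[1].toLowerCase() === COMPANY_DOMAIN;
}

// The form as rendered (email disabled) and as edited in dev tools.
const renderedForm = [
  { name: 'displayName', value: 'Alice', disabled: false },
  { name: 'email', value: 'alice@example.com', disabled: true },
];
const tamperedForm = [
  { name: 'displayName', value: 'Alice', disabled: false },
  { name: 'email', value: 'attacker@evil.test', disabled: false }, // `disabled` removed, value edited
];

function demo() {
  const tamperedBody = serializeForm(tamperedForm);
  return {
    untouchedSubmits: serializeForm(renderedForm),                       // no email key at all
    tamperedSubmits: tamperedBody,                                       // email now present
    vulnerable: updateProfileVulnerable(makeStore(), 'sess-1', tamperedBody), // 200, email overwritten
    hardened: updateProfileHardened(makeStore(), 'sess-1', tamperedBody),     // 400, record untouched
  };
}
console.log(demo());
```

The allowlist is the important part: a server that only "ignores" unknown fields still never learns it is being probed, whereas a 400 on an unexpected `email` key is cheap to alert on.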
  2.
    mild_takes

    I know "futzing around with browser dev tools" isn't as cool as decompiling software and running bytecode-level analysis

    Sure, but I think it's an underrated attack method. It's also easy to do so you need to be watching for it.

    I had a coworker tell me he managed to bypass our company's MFA step by messing with dev tools. I would characterize this guy as kind of like a big dumb jock, so I shouldn't be surprised that he would poke and prod; I AM surprised he was successful.

    11 votes
    1.
      mattsayar

      Honestly it's the curiosity and willingness to try that's most important.

      11 votes
      1. mild_takes

        I feel like I should clarify. I'm not in IT or a supervisor or any sort of person to try to deal with the issue. This guy just hated the move to MFA and was just trying to break it so that he wouldn't have to use it. It was never reported but when I asked him to show me how he did it he was no longer able to reproduce it so it might have been patched?

        I'm down for the curiosity and willingness to try... it's just he definitely wasn't trying to help.

        3 votes
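A companion to the MFA story in the thread above, added here and not taken from the post or from any of the comments. The comment does not say how the step was bypassed, so this assumes the most common shape of that bug: the password step creates a session that protected handlers accept as-is, and only a client-side redirect sends the user to the MFA page, so skipping that page (a dev-tools edit or a direct request) is enough. The credentials, the MFA code and the lockout threshold are constructed stand-ins; nothing here is a real server.

```javascript
// Added example, not from the linked post or from this thread. Assumed shape of
// the bug: the password step creates a session that protected handlers accept
// as-is, and only a client-side redirect sends the user to the MFA page.
// Everything below is an in-process simulation with constructed values.

const MFA_CODE = '123456';       // constructed stand-in for a real TOTP/push check
const MAX_MFA_ATTEMPTS = 5;      // lockout threshold, chosen for the example

function makeStore() {
  return { sessions: new Map(), nextId: 1 };
}

// Password step. Both variants create the session here; the difference is
// whether anything downstream looks at `mfaVerified`.
function loginPassword(store, username, password) {
  if (username !== 'alice' || password !== 'correct horse') return { status: 401 }; // constructed credentials
  const sessionId = `sess-${store.nextId++}`;
  store.sessions.set(sessionId, { user: username, mfaVerified: false, mfaAttempts: 0 });
  return { status: 200, sessionId, next: '/mfa' };   // the browser is merely *asked* to go to /mfa
}

// Constant-time comparison so a wrong code fails in the same time regardless
// of how many leading characters matched.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// MFA step, bound to the session that did the password step, with a lockout.
function verifyMfa(store, sessionId, code) {
  const s = store.sessions.get(sessionId);
  if (!s) return { status: 401 };
  if (s.mfaAttempts >= MAX_MFA_ATTEMPTS) return { status: 429 };
  s.mfaAttempts += 1;
  if (!constantTimeEqual(String(code), MFA_CODE)) return { status: 403 };
  s.mfaVerified = true;
  return { status: 200 };
}

// Weak gate: "has a session" is treated as "logged in". The only thing between
// the user and this handler is the /mfa redirect, which the browser controls.
function protectedWeak(store, sessionId) {
  return store.sessions.has(sessionId) ? { status: 200, data: 'secret' } : { status: 401 };
}

// Hardened gate: MFA state lives in the server-side session and every protected
// handler checks it, so skipping the /mfa page changes nothing.
function requireMfa(store, sessionId) {
  const s = store.sessions.get(sessionId);
  if (!s) return { status: 401 };
  if (!s.mfaVerified) return { status: 403, next: '/mfa' };
  return null;
}

function protectedHardened(store, sessionId) {
  const denied = requireMfa(store, sessionId);
  return denied || { status: 200, data: 'secret' };
}

// Walk-through: log in with the password, skip /mfa entirely, hit the
// protected handler directly, then complete MFA and try again.
function demo() {
  const store = makeStore();
  const { sessionId } = loginPassword(store, 'alice', 'correct horse');
  const weakWithoutMfa = protectedWeak(store, sessionId).status;          // 200: bypassed
  const hardenedWithoutMfa = protectedHardened(store, sessionId).status;  // 403: sent back to /mfa
  verifyMfa(store, sessionId, MFA_CODE);
  const hardenedAfterMfa = protectedHardened(store, sessionId).status;    // 200
  return { weakWithoutMfa, hardenedWithoutMfa, hardenedAfterMfa };
}
console.log(demo());
```

The check has to live in `requireMfa` (or an equivalent middleware applied to every protected route), not in the login flow: a redirect is advice to the browser, and a user with dev tools open is free to ignore it.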