cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Hi All

 

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.

Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce," Semperis researchers Tomer Nahum and Eric Woodruff said in a report shared with The Hacker News.

Golden SAML (short for Security Assertion Markup Language) was first documented by CyberArk in 2017. The attack vector, in a nutshell, entails the abuse of the interoperable authentication standard to impersonate almost any identity in an organization.

It's also similar to the Golden Ticket attack in that it grants attackers the ability to gain unauthorized access to any service in a federation with any privileges and to stay persistent in this environment in a stealthy manner.

 

https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html

 

Regards

 

Caute_Cautim

1 Reply
Kyaw_Myo_Oo
Contributor II

Thanks so much for the update @Caute_cautim.

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP