Are you sure that is the one for this blog post? i got the impression that was a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bawolff 9 months ago \| parent \| context \| favorite \| on: Sign in as anyone: Bypassing SAML SSO authenticati... Are you sure that is the one for this blog post? i got the impression that was a different vuln for a different saml implementation. Also using comments to bypass saml is very old news. https://duo.com/blog/duo-finds-saml-vulnerabilities-affectin... is a post from 2018 about it.

mdaniel 9 months ago [–]

Evidently it's not the same, sorry; it seems that I lept to conclusions with the two signature mismatch vulns by ahacker1 showing up so close to one another but opening the very tiny, very dark, code picture shows this seems to be xpath-centric, not nodeType as the workos link discussed

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact