Bypassing Modern Authentication Methods for SSO - A Beginner's Guide

Explore the vulnerabilities in modern authentication systems and Single Sign-On (SSO) in this 41-minute conference talk from the RSA Conference. Delve into the strengths and weaknesses of passwordless authentication and WebAuthn protocol fundamentals. Learn how famous attack tactics like Man-in-the-Middle (MITM) and session hijacking can be used to bypass various authentication mechanisms. Witness demonstrations on stealing credentials from well-known federation providers such as Azure AD and Pingfed. Gain valuable insights into current mitigation strategies for both application managers and developers to enhance security against these threats.