Microsoft is serious about security; the latest example is that within seven hours of being notified of a serious authentication bypass flaw in the SAML system for its Office 365 platform, the software giant issued a temporary patch and started work on a permanent fix for the issue.
SAML is short for Security Assertion Markup Language, an XML-based standard that governs how two parties talk to each other for the purpose of authenticating and authorizing users to access various resources.
At Microsoft, SAML handles user identities across the Office 365 platform. SAML allows a company hosting a domain on the platform (like office-services.company.com) to authenticate users based on their identities, which often end up shared between multiple domains.
Two security researchers, Klemen Bratec and Ioannis Kakavas, discovered last December that Microsoft’s SAML Service Provider implementation was vulnerable to an authentication bypass that allowed attackers to authenticate to the service and access a victim’s data on all shared domains.
The vulnerability’s details show that an attacker who has a domain hosted on the Office 365 platform can add email accounts belonging to an organization they want to break into to their own domain.
When logging in with such an account, the researchers say, the exploit fooled the platform into authenticating the attacker and granting access to the other organization’s domain instead of their own.
The exploit seems to allow access to resources that were not using SAML as their login solution. This included organizations that had deployed Active Directory-based federated logins as well.
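The defensive check at the heart of this issue is that a service provider must verify the identity provider issuing an assertion is actually authoritative for the e-mail domain of the asserted identity, not merely that the issuer is a known tenant. The following is an added illustration written for this article, not Microsoft's code or the researchers' proof of concept: it parses a minimal, constructed (unsigned) SAML assertion and contrasts a weak acceptance path, which trusts any known issuer, with a hardened one that rejects assertions whose NameID domain is not federated with that issuer. The issuer URLs, domains and the federation registry are all hypothetical; signature validation and the other SAML checks are assumed to have already passed.

```python
"""Added example (hypothetical, not Microsoft's implementation): binding a SAML
assertion's asserted identity to the domains its issuer is federated for."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed federation registry: which e-mail domains each IdP may vouch for.
# In a real service provider this comes from the tenant/federation configuration.
FEDERATED_DOMAINS = {
    "https://idp.attacker.example/": {"attacker.example"},
    "https://idp.victim.example/": {"victim.example"},
}


class AssertionRejected(Exception):
    """Raised when an assertion fails the issuer/identity binding check."""


def make_assertion(issuer: str, name_id: str) -> str:
    """Build a minimal, unsigned assertion for demonstration (constructed input)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )


def extract_identity(assertion_xml: str):
    """Return (issuer, name_id) from the assertion, or reject if either is missing."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not issuer or not name_id:
        raise AssertionRejected("assertion lacks Issuer or NameID")
    return issuer.strip(), name_id.strip()


def weak_authorize(assertion_xml: str) -> str:
    """The pattern the article describes: any known issuer may assert any identity."""
    issuer, name_id = extract_identity(assertion_xml)
    if issuer not in FEDERATED_DOMAINS:
        raise AssertionRejected(f"unknown issuer {issuer}")
    return name_id


def authorize(assertion_xml: str) -> str:
    """Hardened path: the issuer must be federated for the NameID's e-mail domain."""
    issuer, name_id = extract_identity(assertion_xml)
    allowed = FEDERATED_DOMAINS.get(issuer)
    if allowed is None:
        raise AssertionRejected(f"unknown issuer {issuer}")
    local, sep, domain = name_id.rpartition("@")
    if not sep or not local or not domain:
        raise AssertionRejected("NameID is not an e-mail style identifier")
    if domain.lower() not in allowed:
        raise AssertionRejected(f"{issuer} is not authoritative for {domain}")
    return name_id


def is_accepted(check, assertion_xml: str) -> bool:
    """Convenience wrapper: True if `check` accepts the assertion, False if it rejects."""
    try:
        check(assertion_xml)
    except AssertionRejected:
        return False
    return True


if __name__ == "__main__":
    # An IdP asserting an identity in a domain it is not federated for.
    cross_tenant = make_assertion("https://idp.attacker.example/", "ceo@victim.example")
    print("weak  :", is_accepted(weak_authorize, cross_tenant))  # True  (accepted)
    print("strict:", is_accepted(authorize, cross_tenant))       # False (rejected)
```

The only difference between the two paths is the domain binding; everything else (issuer known, XML well-formed) is identical, which is why a missing check of this kind is easy to overlook in testing yet decisive for tenant isolation. A monitoring counterpart is to log the issuer and NameID domain pair on every accepted login and alert on pairs that are not in the federation registry.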
The researchers said the flaw could have been used by an attacker to log into the Office 365 platforms of some of Microsoft’s clients, such as British Airways, Japan Airlines, Aston Martin, IBM, Intel, Cisco, PricewaterhouseCoopers (PwC), Verizon, Vodafone, Pfizer, and multiple universities across the U.S.