TechTarget

Expert warns of Windows single sign-on danger

A mechanism used to support single sign-on in Windows-based systems could be used by hackers to cause damage across company systems, a UK security expert has warned.

A mechanism used to support single sign-on in Windows-based systems could be used by hackers to cause damage across company systems, a UK security expert has warned.

Luke Jennings, a consultant at MWR InfoSecurity, will present a paper on the risk at next week's DefCon conference in Las Vegas.

Secondary attacks on systems that use a single sign-on mechanism to log in users, such as Windows, are a growing trend, because a compromised PC can be used to easily access multiple systems.

Single sign-on enables end-users to access secure applications without having to remember several passwords. It is achieved in Windows using an access token. Once the user logs in to a Windows PC, applications that would previously require the user to log-in again only need to check the access token.

Jennings found that the use of a token could be a problem if a PC is compromised, as an attacker could use it to log into other machines and applications. This is particularly significant if the user is a system administrator with a high level of access to many systems.

www.defcon.org >>


Single sign-on reduces security risk as boosts productivity, says analyst >>

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close