Expert warns of Windows single sign-on danger


Expert warns of Windows single sign-on danger

Cliff Saran

A mechanism used to support single sign-on in Windows-based systems could be used by hackers to cause damage across company systems, a UK security expert has warned.

Luke Jennings, a consultant at MWR InfoSecurity, will present a paper on the risk at next week's DefCon conference in Las Vegas.

Secondary attacks on systems that use a single sign-on mechanism to log in users, such as Windows, are a growing trend, because a compromised PC can be used to easily access multiple systems.

Single sign-on enables end-users to access secure applications without having to remember several passwords. It is achieved in Windows using an access token. Once the user logs in to a Windows PC, applications that would previously require the user to log-in again only need to check the access token.

Jennings found that the use of a token could be a problem if a PC is compromised, as an attacker could use it to log into other machines and applications. This is particularly significant if the user is a system administrator with a high level of access to many systems. >>

Single sign-on reduces security risk as boosts productivity, says analyst >>

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy