Expert warns of Windows single sign-on danger



Cliff Saran

A mechanism used to support single sign-on in Windows-based systems could be used by hackers to cause damage across company systems, a UK security expert has warned.

Luke Jennings, a consultant at MWR InfoSecurity, will present a paper on the risk at next week's DefCon conference in Las Vegas.

Secondary attacks on systems that use a single sign-on mechanism to log in users, such as Windows, are a growing trend, because a compromised PC can be used to easily access multiple systems.

Single sign-on enables end-users to access secure applications without having to remember several passwords. It is achieved in Windows using an access token. Once the user logs in to a Windows PC, applications that would previously require the user to log in again only need to check the access token.

Jennings found that the use of a token could be a problem if a PC is compromised, as an attacker could use it to log in to other machines and applications. This is particularly significant if the user is a system administrator with a high level of access to many systems.
