Hacker News
spdgg, 736 days ago
Sounds like the vulnerability was one within AD FS and that exposed the private key, making golden SAML possible.
MattSteelblade, 736 days ago
It was the SolarWinds hack that gave internal access and potential admin rights. It's no different than if a domain controller gets compromised. The attacker has gained control of the keys to the kingdom; it's an inherent risk to SSO.