What’s Happening & Why This Matters
Semperis, a cybersecurity firm, recently disclosed an attack technique called Silver SAML, a new variant of Golden SAML, which poses a significant risk to organizations that rely on SAML for authentication to applications such as Salesforce. Golden SAML was used in the 2020 SolarWinds cyberattack, which affected thousands of organizations, including the U.S. Government. Following that attack, the Cybersecurity and Infrastructure Security Agency (CISA) recommended that organizations move SAML authentication to a cloud identity system, such as Entra ID, as a security measure.
To protect against Silver SAML attacks in Entra ID, organizations should use only Entra ID self-signed certificates for SAML signing, limit who holds ownership of applications in Entra ID, and monitor changes to SAML signing keys. According to Semperis researcher Eric Woodruff, although moving to such identity systems was believed to give complete protection against these attacks, applications remain vulnerable to Silver SAML if organizations carry over poor certificate management practices from their previous systems.
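The three mitigations above are stated as policy; the following is an added example (not code from Semperis or from the original post) of what two of them look like in practice: a detection that flags signing-credential changes on monitored SAML applications in Entra ID audit-log records, and a service-provider-side check that accepts a SAML signing certificate only if its thumbprint is on a pinned allowlist. The audit records, field names, activity names, application names and certificate bytes are all constructed assumptions modelled on the Entra ID audit log export format; confirm the exact activity strings against your own tenant before relying on the rule.

```python
"""Defender-side checks for the Silver SAML mitigations (added example).

Assumptions (not from the original page):
  * Audit records are Entra ID audit-log entries exported as JSON, with the
    fields activityDateTime, activityDisplayName, initiatedBy and targetResources.
  * The activity names in KEY_CHANGE_ACTIVITIES are the ones that alter an
    application's credentials; verify them against your tenant's logs.
"""
import hashlib
import json

# Activities that change an application's certificates/secrets (assumed names).
KEY_CHANGE_ACTIVITIES = {
    "Update application - Certificates and secrets management",
    "Add service principal credentials",
}

# SAML-integrated applications whose signing material we want alerts on.
MONITORED_SAML_APPS = {"Salesforce"}

# Constructed sample audit log: one signing-cert change on a monitored app,
# one on an unmonitored app, and one unrelated user-management event.
SAMPLE_AUDIT_LOG_JSON = json.dumps([
    {
        "activityDateTime": "2024-03-01T09:12:00Z",
        "activityDisplayName": "Update application - Certificates and secrets management",
        "initiatedBy": {"user": {"userPrincipalName": "alice@example.test"}},
        "targetResources": [{"displayName": "Salesforce", "type": "Application"}],
    },
    {
        "activityDateTime": "2024-03-01T09:15:00Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"app": {"displayName": "automation-pipeline"}},
        "targetResources": [{"displayName": "Internal Wiki", "type": "ServicePrincipal"}],
    },
    {
        "activityDateTime": "2024-03-01T09:20:00Z",
        "activityDisplayName": "Add user",
        "initiatedBy": {"user": {"userPrincipalName": "bob@example.test"}},
        "targetResources": [{"displayName": "carol@example.test", "type": "User"}],
    },
])


def _actor(record):
    """Return who initiated the record: a user's UPN or an app's display name."""
    who = record.get("initiatedBy", {})
    if who.get("user"):
        return who["user"].get("userPrincipalName", "<unknown user>")
    if who.get("app"):
        return who["app"].get("displayName", "<unknown app>")
    return "<unknown>"


def scan_audit_log(raw_json, monitored_apps=MONITORED_SAML_APPS):
    """Return one alert per credential change that targets a monitored SAML app."""
    alerts = []
    for record in json.loads(raw_json):
        if record.get("activityDisplayName") not in KEY_CHANGE_ACTIVITIES:
            continue
        for target in record.get("targetResources", []):
            if target.get("displayName") in monitored_apps:
                alerts.append({
                    "time": record.get("activityDateTime"),
                    "actor": _actor(record),
                    "app": target["displayName"],
                    "activity": record["activityDisplayName"],
                })
    return alerts


def sha256_thumbprint(cert_der):
    """SHA-256 thumbprint (upper-case hex) of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest().upper()


def is_pinned_signing_cert(cert_der, pinned_thumbprints):
    """A service provider should trust a SAML signing certificate only if it is
    pinned, never just because it is embedded in the response's KeyInfo."""
    return sha256_thumbprint(cert_der) in pinned_thumbprints


# Constructed stand-in for a DER certificate; real pins come from the IdP's
# published metadata, not from a received SAML response.
CONSTRUCTED_CERT_DER = b"\x30\x82\x01\x0a\x02\x82\x01\x01\x00constructed-cert-bytes"

if __name__ == "__main__":
    for alert in scan_audit_log(SAMPLE_AUDIT_LOG_JSON):
        print("ALERT signing credential changed:", alert)
    pins = {sha256_thumbprint(CONSTRUCTED_CERT_DER)}
    print("pinned cert accepted:", is_pinned_signing_cert(CONSTRUCTED_CERT_DER, pins))
    print("unknown cert accepted:", is_pinned_signing_cert(b"other", pins))
```

Run as-is to see the single alert for the Salesforce credential change; the change on the unmonitored application and the unrelated user event are ignored. In production the audit records would come from the Entra ID audit log export or the sign-in/audit API rather than the embedded sample, and the pin set would be built from the certificates you intentionally issued for SAML signing.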
TF Summary: What’s Next
Semperis researchers rate Silver SAML as a moderate risk to organizations, but note that depending on which system is compromised it could reach a severe level. Semperis is committed to protecting enterprise identity services in hybrid and multi-cloud environments and offers various resources to the cyber community, including hybrid identity protection tools; it is a key player in the cybersecurity industry, hosting valuable resources for cyber protection.