Incomplete Session Termination in SSO
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Authentication Verification, Single Sign On
Invented In:
01/01/1999
Added In:
23/12/2014
Vector Operation Method:
The single-sign-off feature does not invalidate the session in all the systems that are relying on the SSO mechanism, enabling attackers to abuse these sessions.
