Google Information for VU#612636
Google SAML Single Sign on vulnerability
- Vendor Information Help Date Notified: 18 Jun 2008
- Statement Date:
- Date Updated: 02 Sep 2008
Google was notified of this issue a few months ago. Once notified, work proceeded swiftly to provide a safe solution for customers. Google notified customers that could be vulnerable directly, and provided clear instructions on how to protect their systems. There have been no reports of this vulnerability being exploited.
Google would like to thank Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, and Llanos Tobarra Abad with the AVANTSSAR project (http://www.avantssar.eu) for responsibly disclosing this issue and providing technical assistance.
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.