Google Information for VU#612636

Google SAML Single Sign on vulnerability



Vendor Statement

Google was notified of this issue a few months ago. Once notified, work proceeded swiftly to provide a safe solution for customers. Google notified customers that could be vulnerable directly, and provided clear instructions on how to protect their systems. There have been no reports of this vulnerability being exploited.

Google would like to thank Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, and Llanos Tobarra Abad with the AVANTSSAR project ( for responsibly disclosing this issue and providing technical assistance.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.