SDMSA-2023:001 - StrongDM Security Advisory
Date Published
2023-02-07
Summary
A hostile actor may log in to the StrongDM Infrastructure Access Platform through an account takeover attack when the Customer Organization uses SSO login, without the victim being aware that the takeover has occurred.
Description
The sign-in link generated during an authentication flow could be loaded inside a hidden iframe, where it would redirect to the organization's SSO provider without the user being aware. The SSO provider does not always require user interaction before completing the login if the user has recently logged in via that SSO provider.
Changes to the authentication now require a user to confirm intent to log in before being redirected to their SSO provider. Additional technical safeguards have been put in place to prevent an authentication flow from being hidden from users.
Affected Products & Versions
The StrongDM Infrastructure Access Platform's Control Plane was the affected component.
Recommended Action
Customers do not need to take any action or apply any update; the fixed authentication flows are already in effect in the StrongDM IAP.
Customers using external IdPs (e.g., Okta, Google, OneLogin, etc.) should consider checking their IdP settings and enforcing either a user consent or re-authentication during the IdP's login flow.
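To make the two fixes concrete, the following is an added illustration written for this advisory, not StrongDM's code: a sign-in handoff that (1) sends anti-framing response headers so the sign-in page cannot be rendered inside an iframe, (2) never redirects on a plain GET of the sign-in link but instead shows a confirmation form whose POST carries a server-derived intent token, and (3) builds the IdP authorization request with the standard OIDC `prompt=login` parameter, which is the relying-party counterpart of the re-authentication setting the advisory recommends enforcing on the IdP side. The IdP endpoint, client ID and redirect URI are constructed placeholders, and the in-memory token stores stand in for whatever session storage a real control plane uses.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# All endpoints and identifiers below are constructed for this example.
IDP_AUTHORIZE_URL = "https://idp.example.test/oauth2/v1/authorize"
CLIENT_ID = "example-relying-party"
REDIRECT_URI = "https://app.example.test/sso/callback"

# Response headers that forbid rendering the sign-in page in any frame,
# so the handoff to the IdP cannot be hidden inside an iframe on another origin.
ANTI_FRAMING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "Cache-Control": "no-store",
}


class SignInHandoff:
    """Two-step handoff to the IdP: GET shows a confirmation page, POST redirects."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending_links = set()   # one-time sign-in link tokens awaiting confirmation
        self.expected_states = set()  # OIDC 'state' values the callback must match

    def issue_link(self) -> str:
        """Mint the one-time token carried in a sign-in link (stands in for the
        token generated during the platform's authentication flow)."""
        token = secrets.token_urlsafe(24)
        self._pending_links.add(token)
        return token

    def intent_token_for(self, link: str) -> str:
        """Server-derived value embedded in the confirmation form. A page that
        merely loads the link in a frame never submits this form."""
        return hmac.new(self._secret, link.encode(), hashlib.sha256).hexdigest()

    def handle(self, method: str, query: dict, form: dict):
        """Return (status, headers, body) for a request to /signin."""
        if method == "GET":
            link = query.get("link", "")
            if link not in self._pending_links:
                return 404, dict(ANTI_FRAMING_HEADERS), "unknown sign-in link"
            # No redirect on GET: the user must explicitly click through.
            body = (
                '<form method="POST" action="/signin">'
                f'<input type="hidden" name="link" value="{link}">'
                f'<input type="hidden" name="intent" value="{self.intent_token_for(link)}">'
                "<button>Continue to your organization's SSO</button></form>"
            )
            return 200, {**ANTI_FRAMING_HEADERS, "Content-Type": "text/html"}, body

        if method == "POST":
            link = form.get("link", "")
            intent = form.get("intent", "")
            confirmed = (
                link in self._pending_links
                and intent.isascii()
                and hmac.compare_digest(intent, self.intent_token_for(link))
            )
            if not confirmed:
                return 403, dict(ANTI_FRAMING_HEADERS), "sign-in not confirmed"
            self._pending_links.discard(link)  # the link is single-use
            state = secrets.token_urlsafe(16)
            self.expected_states.add(state)
            params = {
                "response_type": "code",
                "client_id": CLIENT_ID,
                "redirect_uri": REDIRECT_URI,
                "scope": "openid",
                "state": state,
                # OIDC 'prompt=login' asks the IdP to re-authenticate even when
                # the user already has a live IdP session.
                "prompt": "login",
            }
            location = IDP_AUTHORIZE_URL + "?" + urlencode(params)
            return 302, {**ANTI_FRAMING_HEADERS, "Location": location}, ""

        return 405, dict(ANTI_FRAMING_HEADERS), "method not allowed"


if __name__ == "__main__":
    handoff = SignInHandoff(b"example-secret")
    link = handoff.issue_link()
    print(handoff.handle("GET", {"link": link}, {})[0])   # 200, no Location header
    print(handoff.handle("POST", {}, {"link": link,
                                      "intent": handoff.intent_token_for(link)})[1]["Location"])
```

The GET response is deliberately a 200 with a form rather than a 302: a framed load of the link now yields an unrendered page (blocked by `frame-ancestors 'none'`) and, even if rendered, nothing reaches the IdP until the user submits the form. Requesting `prompt=login` from the relying party complements, but does not replace, the IdP-side consent or re-authentication setting the advisory recommends, since an IdP is free to ignore the hint.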
Vulnerability Details
| CVE ID | CVSS v3.1 Score | CVE Description | CWE Class |
|---|---|---|---|
| N/A | 10 | Account Takeover Vulnerability | CWE-304: Missing Critical Step in Authentication |
Acknowledgments
StrongDM would like to thank Kasif Dekel (@kasifdekel) of SentinelOne for reporting this issue.