THREATOPS
THREAT OPSThreat News › The Fragile Lock: Novel Bypasses For SAML Authentication

The Fragile Lock: Novel Bypasses For SAML Authentication

infoportswigger_researchPublished 2025-12-10

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Original source: https://portswigger.net/research/the-fragile-lock