Single Sign-On (SSO) Service Is Vulnerable (Google, PayPal, Facebook, Twitter Users At Risk)
Serious security flaws have been found in Web-based single sign-on (SSO) services run by Google, PayPal, Facebook, Twitter, and many others. It is suspected that by exploiting the vulnerability an attacker can gain access to users' accounts. Researchers at Microsoft and Indiana University recently discovered this loophole. The security researchers have published a report that identifies poor integration of the application programming interfaces by website developers, and a lack of end-to-end security checks, as the reasons for the flaws.
According to the report: “In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways”.
Although the flaws have been fixed by the affected companies, “this study shows that the overall security quality of SSO deployments seems worrisome”, they noted.