(github.blog)

312 points campuscodi | 1 comments | 15 Mar 25 19:06 UTC | HN request time: 0.21s | source

Show context

bawolff ◴[15 Mar 25 20:32 UTC] No.43374971[source]▶

>>43374519 (OP) #

Its kind of annoying to explain the vulnerability in a blog post and then omit the parser differential in question.

It is like writing the introduction to a story and omitting the climax.

replies(2): >>43375217 #>>43378312 #

1. blincoln ◴[16 Mar 25 11:57 UTC] No.43378312[source]▶

>>43374971 #

I'm guessing they didn't want to be directly responsible for dropping a zero-day that allows authorization bypass in countless systems across the planet before the parties responsible for those systems have a chance to fix them.

I'm sure the specifics will come out sooner or later.

↑

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials