[Owasp-leaders] I need some advice on Windows-based SSO

Thomas Herzog thomas.herzog at owasp.org
Fri Mar 16 16:46:06 UTC 2018


Hi folks,

basically we require from all Windows-based applications the use of
Kerberos or ADFS. However, it sometimes occurs that application implement
SSO via Windows-properties like
"System.Windows.Forms.SystemInformation.UserName". Our Windows people
instist that this approach is safe to use. It would be great to here some
independent opinion on this topic. Are there possibilities to compromise
this methods?

I would be happy for any comment on this.

Best regards,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180316/83eed09e/attachment.html>


More information about the OWASP-Leaders mailing list