Silverfort to Unveil Research at RSA 2024: Using MITM to Bypass Modern Authentication Methods to SSO


Next week is a big week for Silverfort. Many people on our team are heading to California to attend the annual RSA conference. If you’re visiting, come find us in Moscone South at Booth #3333.

This year is extra special for our team, though. We’re excited that one of our own rising star researchers, Dor Segal (who has spent over a decade doing security research after cutting his teeth in Israel’s 8200 unit), will be unveiling how MITM attacks can still bypass modern authentication methods like FIDO2.

Dor’s session will explore the strengths and weaknesses of passwordless authentication (FIDO2) and the fundamentals of the WebAuthn protocol. Using FIDO2 as an example of a modern authentication method, he will demonstrate how a standard MITM attack could be used to hijack a FIDO2-authenticated session, replicate the session token, and reuse it in other sessions at will. While FIDO2 improves the security of the authentication step, its defenses don’t always extend to the session itself. The way it is implemented in most applications, specifically browsers and web-based SSO, leaves the actual session exposed to compromise.

Dor will demo a MITM attack to show how an attacker can steal credentials from known federation providers like Entra ID, and he’ll propose some mitigation techniques for both application managers and developers. (Spoiler Alert: Token Binding is essential!)

Stop by this session on Monday, May 6th at 10:50 in Moscone West, Room 2014.

See you there!
