Tag: Siteminder

CA Siteminder is an authentication provider for web interfaces. It’s widely deployed and can be used as a Single Sign-On for web services. It has an interesting bug which is surprising for a web interface, it was incorrectly decoding URL encoded content. This provides two interesting attacks, one more serious the other only useful as…