Leveraging Single Sign-On (SSO) functionality is a common business practice because it avoids stalling workflows by requiring users to individually sign in to each application they want to use. Further, it may potentially promote better cyber security because a user only needs to remember a single password, instead of several (and if users need to have several passwords, they may use the same password for each application, or slight variations – which defeats the point of having multiple passwords anyway). The trade-off is increased vulnerability to compromised credentials – as attackers only need to get into one account to begin moving throughout the entire network. This can be mitigated by “air-gapping” critical portions of networks (requiring a separate sign-on, using different credentials), and following a policy of least access (to limit the reach of compromised credentials).
An alert was issued by the CIA, FBI, and CGCYBER (the US Coast Guard’s Cyber Command) warning users to patch their Zoho SSO manager, as a known exploit allowed attackers to bypass Zoho, allowing them to remotely execute code and gain access to all of the credentials stored in a given instance. This exploit has massive implications for the security of networks, rather than compromising a single individual and having to exploit their identity to expand their reach, an attacker only needs to crack Zoho to gain access to everything running of an organization’s active directory.
While SSO is useful, critical systems should not be linked to it as doing so creates a high-value target for attackers, and a breach may be more difficult to mitigate.