Enterprises have standardized on offering web-based applications for their user
community and are using Single Sign-On to make accessing them simple and
secure. But if an attacker finds a weakness in the Single Sign-On environment,
they can access all web applications as though they were legitimate users. This
talk discusses a mass-compromise scenario in certain real Single Sign-On
environments.