Assertion injection attack: Difference between revisions
imported>Unknown user No edit summary |
imported>Unknown user No edit summary |
| (2 intermediate revisions by the same user not shown) | |
(No difference)
| |
Latest revision as of 00:24, 20 January 2026
Assertion injection attack
In the context of a federated protocol, consists of an attacker attempting to force an RP to accept or process an assertion or assertion reference in order to gain access to the RP or deny a legitimate subscriber access to the RP. The attacker does this by taking an assertion or assertion reference and injecting it into a vulnerable RP.
Source: NIST SP 800-63-4 | Category: