zlacker

[parent] [thread] 1 comments
1. Securi+(OP)[view] [source] 2022-01-27 19:17:48
Thanks for saying this. This was exactly my take. Saying goodbye to VPNs just completely ignores the risk of RCE vulnerabilities on your services. You can have a VPN that still brings you into a zero trust network.
replies(1): >>tptace+P
2. tptace+P[view] [source] 2022-01-27 19:21:22
>>Securi+(OP)
It does essentially define away the authentication bypass problem, which is a class of vulnerability we still regularly find in modern web applications. To say nothing of the fact that no human has ever implemented a SAML RP without a game-over vulnerability. Seems like a self-evidently bad plan.
[go to top]