Cross-Site Request Forgery (CSRF) is a vulnerability that occurs when an attacker can cause a victim to perform an unintended action on a web resource. In the context of SSO, CSRF vulnerabilities can allow an attacker to force a victim to log in to an app using the attacker’s identity.
For example, an attacker could generate an SSO link for their account and then put it in the source attribute of an image of a web page. They would then force a victim to visit this page, who would unknowingly make a request to clever.com with their existing session, which would log them in with the attackers account to the application in question.
Depending on the configuration of the application, this may result in a low impact threat ("the victim is logged in to the application as the attacker and may accidentally type in sensitive data") or a high impact threat ("the attacker’s identity is silently added to the victim’s account in the application").
Updated about a month ago