Single Sign-On authentication – the bug that lets you logon as someone else

Posted on Mar 1, 2018


Duo found that buggy SAML libraries would read the NameID string in various ways, sometimes as [email protected] (treating the comment as a terminator for the data field), and sometimes as [email protected] (simply treating the comment as if it were not there at all).

Source: sophos.com
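The parser disagreement described above can be reproduced with nothing more than Python's standard-library XML modules. The snippet below is an added illustration, not code from the Sophos article or from Duo's research, and the NameID fragment it parses is a constructed sample (the addresses are placeholders). It shows the two readings the article mentions (DOM-style `firstChild` stops at the comment; ElementTree silently drops the comment and joins the text around it) next to a strict extractor that a relying party could use instead: it collects every text node of the element and refuses a NameID that contains anything other than plain text.

```python
"""Two ways a NameID with an embedded XML comment gets read, plus a strict reader."""
from xml.dom import minidom
import xml.etree.ElementTree as ET

# Constructed sample (not from the article): the NameID text is split in two by a comment.
SAMPLE_NAMEID = "<NameID>alice@example.com<!-- -->.example.net</NameID>"
# Constructed clean sample for comparison.
CLEAN_NAMEID = "<NameID>alice@example.com</NameID>"


def nameid_first_text_node(xml_text: str) -> str:
    """DOM-style reading: take only the first text node.

    The comment ends the first text node, so everything after it is lost
    ("treating the comment as a terminator for the data field").
    """
    root = minidom.parseString(xml_text).documentElement
    return root.firstChild.nodeValue


def nameid_elementtree(xml_text: str) -> str:
    """ElementTree reading: the default parser discards comments, so the text on
    both sides of the comment is joined as if the comment were never there."""
    return ET.fromstring(xml_text).text


def nameid_strict(xml_text: str) -> str:
    """Strict reading for a relying party.

    Walk every child of the element; accept only plain text nodes (CDATA,
    comments and child elements are all rejected) and return the full
    concatenated value, so no part of the identifier is silently dropped.
    """
    root = minidom.parseString(xml_text).documentElement
    parts = []
    for node in root.childNodes:
        if node.nodeType != node.TEXT_NODE:
            raise ValueError(f"unexpected {node.nodeName} node inside NameID")
        parts.append(node.data)
    return "".join(parts)


def nameid_is_trustworthy(xml_text: str) -> bool:
    """True when the NameID consists of plain text only."""
    try:
        nameid_strict(xml_text)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("first text node :", nameid_first_text_node(SAMPLE_NAMEID))
    print("ElementTree     :", nameid_elementtree(SAMPLE_NAMEID))
    print("strict accepts  :", nameid_is_trustworthy(SAMPLE_NAMEID))
```

The first two functions return different strings for the same assertion; an identity provider that signed the assertion and a service provider that compares the NameID against its user table can therefore disagree about who just logged in. The strict reader removes that ambiguity by refusing any NameID whose content is not a single run of text, which is the property the comparison relied on in the first place.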