Bug


Apr. 3, 2018

Commonwealth Bank of Australia Tries to Explain Coding Errors Found After 4 Years

The coding errors were created in July 2011 when the bank introduced an automated decision tool to process customer overdraft applications, but the problems weren’t discovered until September 2015. During the calculations that decided whether a customer could actually afford an overdraft, one software error in the decision tool’s algorithm failed to count a customer’s rental expenses, while another error accessed a wrong data field that was used for determining a customer’s overall household expenditures. The result was that a customer’s true expenses were likely underestimated or under-assessed.

Mar. 1, 2018

Single Sign-On authentication – the bug that lets you logon as someone else

Duo found that buggy SAML libraries would read the NameID string in various ways, sometimes as [email protected] (treating the comment as a terminator for the data field), and sometimes as [email protected] (simply treating the comment as if it were not there at all).

Source: sophos.com