SAML protocol bug put single sign-on accounts at risk

A validation bug in how some single sign-on products implemented an open authentication standard could have allowed an attacker to log in to a site or service as though they were the victim they were targeting.