ServiceNow SAML Single Sign-On Bypass

info Web App Scanning Plugin ID 114674

Synopsis

ServiceNow SAML Single Sign-On Bypass

Description

ServiceNow enables a page named `side_door.do` by default. The page lets users bypass the Single Sign-On (SSO) feature so that they can still access their ServiceNow instance if SSO has issues.

Solution

Ensure that the recommendations from ServiceNow are properly enforced to prevent authentication through this side door page with weak credentials.

See Also

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0692657

Plugin Details

Severity: Info

ID: 114674

Type: remote

Published: 3/24/2025

Updated: 3/24/2025

Scan Template: basic, full, overview, pci, quick, scan