The International Journal of Innovative Research in Computer and Communication Engineering
Single Sign-On (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. The existing Chang-Lee scheme is actually insecure by presenting two attacks i.e. credential recovering attack, impersonation attack without credentials. The first attack allows a malicious service provider, who has successfully communicated with a legal user twice, to recover the user's credential and then to impersonate the user to access resources and services offered by other service providers.