When one application needs to interact with another in such a way that a user's authentication status is passed between them, that technology or process is called Single Sign-On (SSO). While of great value to the end user, who doesn't need to remember yet another set of credentials, the use of SSO has a few security impacts. On the plus side, it means that a user doesn't have to remember another set of credentials, thus easing the whole password problem that exists. However, on the negative side, SSO implementation is often done via a roll-your-own process, and tends to be insecure. The following are some examples of badly implemented SSO solutions.
The Direct Link - Perhaps one of the most obvious SSO errors is the one where there is no authentication on the peripheral application. For example, an EHR system may have a link to a peripheral imaging system that hosts the x-ray of a patient. If that patient's x-ray is accessible directly via a URL with the right MRN or unique identifier, it is a bad design. Should a malicious person find the URL, they could easily brute force the ID field and download all the imaging data held in the system (e.g. http://ekg-db/ekgscripts/ekg.dll?Retrieve?PatientID=1234567).
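To make the direct-link mistake concrete, here is an added example (not code from the original post) that models the vulnerable retrieve handler beside a hardened one that requires a session issued by the primary application and an authorization check for the requested MRN, plus a small detection helper for MRN enumeration in the peripheral system's request log. The MRNs, image bytes, user names and session store are all constructed for illustration.

```python
# Added example, not from the original post: the "direct link" handler
# beside a hardened version. All data below is constructed for illustration.
import hmac
import secrets
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed sample data: MRN -> image, and which clinician may view each MRN.
IMAGES: Dict[str, bytes] = {"1234567": b"<xray-A>", "7654321": b"<xray-B>"}
AUTHORIZED: Dict[str, Set[str]] = {"1234567": {"dr_lee"}, "7654321": {"dr_patel"}}


def retrieve_vulnerable(query: Dict[str, str]) -> Optional[bytes]:
    """The bad design: whoever supplies a valid PatientID gets the image."""
    return IMAGES.get(query.get("PatientID", ""))


class SessionStore:
    """Opaque, unguessable session tokens issued by the primary (EHR) app."""
    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits, unlike a sequential MRN
        self._sessions[token] = user
        return token

    def lookup(self, token: Optional[str]) -> Optional[str]:
        if not token:
            return None
        for stored, user in self._sessions.items():
            if hmac.compare_digest(stored, token):  # constant-time comparison
                return user
        return None


def retrieve_hardened(query: Dict[str, str], token: Optional[str],
                      store: SessionStore) -> Tuple[int, Optional[bytes]]:
    """Authenticate the caller first, then authorize them for this MRN."""
    user = store.lookup(token)
    if user is None:
        return 401, None  # no session from the EHR: unauthenticated
    mrn = query.get("PatientID", "")
    if user not in AUTHORIZED.get(mrn, set()):
        return 403, None  # same answer for unknown MRN and unauthorized MRN
    return 200, IMAGES[mrn]


def enumeration_sources(requests: Iterable[Tuple[str, str]], threshold: int = 5) -> Set[str]:
    """Detection aid: sources that asked for at least `threshold` distinct MRNs."""
    seen: Dict[str, Set[str]] = {}
    for source, mrn in requests:
        seen.setdefault(source, set()).add(mrn)
    return {src for src, mrns in seen.items() if len(mrns) >= threshold}
```

The hardened handler returns 403 for both unknown and unauthorized MRNs so that responses do not reveal which identifiers exist.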
Dynamically Generated - coming soon
Authenticated w/o Authorization - coming soon
SAML - coming soon