GitHub Advisory DatabaseGHSA-G6J2-CH25-5MMVMissing Token Replay Detection in Saml2 Authentication services for ASP.NET
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
41.4%
Impact
Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented.
Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use.
Patches
The 2.5.0 version is patched.
Workarounds
There are no workarounds with existing versions. Fixing the issue requires code updates.
References
https://en.wikipedia.org/wiki/Replay_attack
For more information
If you have any questions or comments about this advisory:
- Comment on #711.
- Email us at [email protected] if you think that there are further security issues.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| sustainsys.saml2 | lt | 2.5.0 |
Related
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
41.4%