4 matches found
CVE-2026-54781
CoreWCF (SAML token validation) does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate subjects without proper authority. Affects CoreWCF.Primitives and rel...
GHSA-48PQ-2XQ3-C2M4 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...
PT-2026-51078
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token validation in the SamlSecurityTokenHandler does not enforce SubjectConfirmation method URIs or holder-of-key proof keys. This allows an attacker to...