CVE-2020-5268
In Saml2 Authentication Services for ASP.NET, versions before 1.0.2 and between 2.0.0 and 2.6.0 contain a vulnerability in token validation. Sustainsys.Saml2 incorrectly treats all incoming tokens as bearer tokens, despite tokens being subject-confirmed by other means (e.g., holder-of-key). An at...