CVE-2020-5261
HIGH8.2EPSS 0.29%Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
Description
### Impact Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. ### Patches The 2.5.0 version is patched. ### Workarounds There are no workarounds with existing versions. Fixing the issue requires code updates. ### References https://en.wikipedia.org/wiki/Replay_attack ### For more information If you have any questions or comments about this advisory: * Comment on #711. * Email us at [[email protected]](mailto:[email protected]) if you think that there are further security issues.
Affected packages (1)
- NuGet/Sustainsys.Saml2>= 2.0.0, < 2.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |