CVE-2020-5261
HIGH8.2EPSS 0.29%Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
描述
### Impact Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. ### Patches The 2.5.0 version is patched. ### Workarounds There are no workarounds with existing versions. Fixing the issue requires code updates. ### References https://en.wikipedia.org/wiki/Replay_attack ### For more information If you have any questions or comments about this advisory: * Comment on #711. * Email us at [[email protected]](mailto:[email protected]) if you think that there are further security issues.
受影響套件(1)
- NuGet/Sustainsys.Saml2>= 2.0.0, < 2.5.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |