CVE-2020-5261 Detail

Current Description

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.


Source: 
MITRE

View Analysis Description

Analysis Description

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.


Source: 
MITRE



Severity


CVSS 3.x Severity and Metrics:

References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Weakness Enumeration




CWE-ID CWE Name Source
CWE-294 Authentication Bypass by Capture-replay

NIST  

GitHub, Inc.  

Known Affected Software Configurations
Switch to CPE 2.2


Configuration 1 ( hide )

 cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*
     Show Matching CPE(s)
From (including)
2.0.0
Up to (excluding)
2.5.0

Change History


2 change records found
show changes

Quick Info

CVE Dictionary Entry:
CVE-2020-5261
NVD Published Date:
03/24/2020
NVD Last Modified:
03/27/2020










Source link

Write a comment:
*

Your email address will not be published.