Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Token Replay Detection
Vulnerability Description
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
Saml2 Authentication services for ASP.NET 安全漏洞
Vulnerability Description
Saml2 Authentication services for ASP.NET是一款用于ASP.NET的SAML(安全声明标记语言)身份验证服务。 Saml2 2.0.0及之后版本(2.5.0版本已修复)中的身份验证服务(用于ASP.NET)存在安全漏洞,该漏洞源于程序没有正确实现令牌重放检查。攻击者可利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A