CVE-2020-5261— Saml2 Authentication services for ASP.NET 安全漏洞

Missing Token Replay Detection

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

使用捕获-重放进行的认证绕过

Saml2 Authentication services for ASP.NET 安全漏洞

Saml2 Authentication services for ASP.NET是一款用于ASP.NET的SAML（安全声明标记语言）身份验证服务。 Saml2 2.0.0及之后版本（2.5.0版本已修复）中的身份验证服务（用于ASP.NET）存在安全漏洞，该漏洞源于程序没有正确实现令牌重放检查。攻击者可利用该漏洞绕过身份验证。

N/A

N/A