CVE-2020-5261 - OpenCVE

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sustainsys	Saml2

Configuration 1 [-]

cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241
https://github.com/Sustainsys/Saml2/issues/711
https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-03-25T01:15:15

Updated: 2024-08-04T08:22:09.101Z

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5261

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-25T02:15:11.427

Modified: 2021-03-24T13:15:43.067

Link: CVE-2020-5261

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Saml2", "vendor": "Sustainsys", "versions": [{"status": "affected", "version": ">= 2.0.0, < 2.5.0"}]}], "descriptions": [{"lang": "en", "value": "Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-25T20:55:08", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Sustainsys/Saml2/issues/711"}], "source": {"advisory": "GHSA-g6j2-ch25-5mmv", "discovery": "UNKNOWN"}, "title": "Missing Token Replay Detection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5261", "STATE": "PUBLIC", "TITLE": "Missing Token Replay Detection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Saml2", "version": {"version_data": [{"version_value": ">= 2.0.0, < 2.5.0"}]}}]}, "vendor_name": "Sustainsys"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-294: Authentication Bypass by Capture-replay"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv", "refsource": "CONFIRM", "url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv"}, {"name": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241", "refsource": "MISC", "url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"}, {"name": "https://github.com/Sustainsys/Saml2/issues/711", "refsource": "MISC", "url": "https://github.com/Sustainsys/Saml2/issues/711"}]}, "source": {"advisory": "GHSA-g6j2-ch25-5mmv", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:09.101Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Sustainsys/Saml2/issues/711"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5261", "datePublished": "2020-03-25T01:15:15", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.101Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "74E6577A-B61E-43AD-BE8E-CC0CAC83C4F2", "versionEndExcluding": "2.5.0", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use."}, {"lang": "es", "value": "Los servicios de autenticaci\u00f3n Saml2 para ASP.NET (paquete NuGet Sustainsys.Saml2) superior a la versi\u00f3n 2.0.0 y menor que la versi\u00f3n 2.5.0 tienen una implementaci\u00f3n defectuosa de la detecci\u00f3n de reproducci\u00f3n de tokens. Token Replay Detection es una defensa importante en la medida de profundidad para las soluciones de Single Sign On. La versi\u00f3n 2.5.0 est\u00e1 parcheada. Tenga en cuenta que la versi\u00f3n 1.0.1 no se ve afectada. Tiene una implementaci\u00f3n correcta de reproducci\u00f3n de tokens y es seguro de usar. Los servicios de autenticaci\u00f3n Saml2 para ASP.NET (paquete NuGet Sustainsys.Saml2) superior a la versi\u00f3n 2.0.0 y menor que la versi\u00f3n 2.5.0 tienen una implementaci\u00f3n defectuosa de la detecci\u00f3n de reproducci\u00f3n de tokens. La detecci\u00f3n de reproducci\u00f3n de tokens es una medida de defensa importante para las soluciones de inicio de sesi\u00f3n \u00fanico. La versi\u00f3n 2.5.0 est\u00e1 parcheada. Tenga en cuenta que la versi\u00f3n 1.0.1 y las versiones anteriores no se ven afectadas. Estas versiones tienen una implementaci\u00f3n correcta de reproducci\u00f3n de tokens y son seguras de usar."}], "id": "CVE-2020-5261", "lastModified": "2021-03-24T13:15:43.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-03-25T02:15:11.427", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Sustainsys/Saml2/issues/711"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "security-advisories@github.com", "type": "Secondary"}]}