CVE-2020-5261

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.9 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241	Patch Third Party Advisory
https://github.com/Sustainsys/Saml2/issues/711	Issue Tracking Third Party Advisory
https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*

History

24 Mar 2021, 13:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:simplesamlphp:saml2::::::::	cpe:2.3:a:sustainsys:saml2::::::::

Information

Published : 2020-03-25 02:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-5261

Mitre link : CVE-2020-5261

CVE.ORG link : CVE-2020-5261

JSON object : View

Products Affected

sustainsys

saml2

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2020-5261", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.8}]}, "published": "2020-03-25T02:15:11.427", "references": [{"url": "https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Sustainsys/Saml2/issues/711", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-294"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use."}, {"lang": "es", "value": "Los servicios de autenticaci\u00f3n Saml2 para ASP.NET (paquete NuGet Sustainsys.Saml2) superior a la versi\u00f3n 2.0.0 y menor que la versi\u00f3n 2.5.0 tienen una implementaci\u00f3n defectuosa de la detecci\u00f3n de reproducci\u00f3n de tokens. Token Replay Detection es una defensa importante en la medida de profundidad para las soluciones de Single Sign On. La versi\u00f3n 2.5.0 est\u00e1 parcheada. Tenga en cuenta que la versi\u00f3n 1.0.1 no se ve afectada. Tiene una implementaci\u00f3n correcta de reproducci\u00f3n de tokens y es seguro de usar. Los servicios de autenticaci\u00f3n Saml2 para ASP.NET (paquete NuGet Sustainsys.Saml2) superior a la versi\u00f3n 2.0.0 y menor que la versi\u00f3n 2.5.0 tienen una implementaci\u00f3n defectuosa de la detecci\u00f3n de reproducci\u00f3n de tokens. La detecci\u00f3n de reproducci\u00f3n de tokens es una medida de defensa importante para las soluciones de inicio de sesi\u00f3n \u00fanico. La versi\u00f3n 2.5.0 est\u00e1 parcheada. Tenga en cuenta que la versi\u00f3n 1.0.1 y las versiones anteriores no se ven afectadas. Estas versiones tienen una implementaci\u00f3n correcta de reproducci\u00f3n de tokens y son seguras de usar."}], "lastModified": "2021-03-24T13:15:43.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E6577A-B61E-43AD-BE8E-CC0CAC83C4F2", "versionEndExcluding": "2.5.0", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}