CVE-2023-41890
- EPSS 0.14%
- Veröffentlicht 19.09.2023 15:15:52
- Zuletzt bearbeitet 21.11.2024 08:21:51
Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently val...
CVE-2020-5268
- EPSS 0.3%
- Veröffentlicht 21.04.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:33:48
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is as...
CVE-2020-5261
- EPSS 0.29%
- Veröffentlicht 25.03.2020 02:15:11
- Zuletzt bearbeitet 21.11.2024 05:33:47
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Sing...