Attacker Value
Very Low
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
0

CVE-2020-5261

Disclosure Date: March 25, 2020
CVE-2020-5261 CVSS v3 Base Score: 6.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Low
UnauthenticatedVulnerable in default configurationNo useful accessRequires physical accessRequires user interaction
Technical Analysis

Description

This is a Replay Attack found in versions 2.0.0 to 2.4.0 of “Sustainsys.Saml2” Nuget package.
The attacker can wait for the user’s token to be sent and reuse it.

“The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider (SP). The library was previously named Kentor.AuthServices.”

Severity

It depends on the context that the library is being used in. It can grant authentification as another user.
Though getting the token requires high access to the user.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
6.8 Medium
Impact Score:
5.2
Exploitability Score:
1.6
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Saml2 >= 2.0.0, < 2.5.0
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • sustainsys

Products

  • saml2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis