PT-2020-18352 · Sustainsys · Sustainsys.Saml2

Anders Abel · Published 2020-03-25 · Updated 2021-03-24 · CVE-2020-5261

CVSS v3.1: 8.2 High

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Sustainsys.Saml2 versions 2.0.0 through 2.4.x

Description: The issue is a faulty implementation of Token Replay Detection, an important defense measure for Single Sign On solutions, in the specified versions of the Sustainsys.Saml2 NuGet package for ASP.NET. Token Replay Detection prevents replay attacks, in which an attacker intercepts and reuses a valid token to gain unauthorized access, so a correct implementation is essential for the security of Single Sign On solutions.

Recommendations: For versions 2.0.0 through 2.4.x, update to version 2.5.0 or later, which includes the necessary patches for the faulty Token Replay Detection implementation. At the moment, there is no information about other workarounds for the affected versions.
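
As an added illustration of the control named in the description (this is not code from Sustainsys.Saml2 or from the advisory, and it does not reproduce the defect), the sketch below shows what a replay check at the token consumer has to do: record each accepted token ID until the token expires, and reject expired tokens outright so that purged cache entries cannot be replayed. The names `ReplayCache`, `accept` and `demo` and the one-hour lifetime cap are assumptions; `token_id` and `not_on_or_after` stand in for a SAML assertion's ID and its NotOnOrAfter time.

```python
import threading
from datetime import datetime, timedelta, timezone


class ReplayCache:
    """Illustrative cache (hypothetical names): remembers accepted token IDs until expiry."""

    def __init__(self, max_lifetime=timedelta(hours=1)):
        self._seen = {}                # token_id -> expiry (aware UTC datetime)
        self._lock = threading.Lock()  # check-and-record must be one atomic step
        self._max_lifetime = max_lifetime

    def accept(self, token_id, not_on_or_after, now=None):
        """Return True the first time a valid token ID is presented, else False."""
        now = now or datetime.now(timezone.utc)
        if not token_id or not_on_or_after is None:
            return False   # no ID or no expiry: replay cannot be tracked
        if now >= not_on_or_after:
            return False   # expired: rejected even if its cache entry is gone
        if not_on_or_after - now > self._max_lifetime:
            return False   # overlong lifetime would pin the cache entry
        with self._lock:
            # Drop entries whose tokens have expired; the check above
            # already rejects those tokens, so forgetting them is safe.
            for tid in [t for t, exp in self._seen.items() if exp <= now]:
                del self._seen[tid]
            if token_id in self._seen:
                return False   # same token presented again: replay
            self._seen[token_id] = not_on_or_after
            return True

    def __len__(self):
        with self._lock:
            return len(self._seen)


def demo():
    """Constructed scenario: one token, presented three times."""
    t0 = datetime(2020, 3, 25, 12, 0, tzinfo=timezone.utc)
    expiry = t0 + timedelta(minutes=5)
    cache = ReplayCache()
    first = cache.accept("_constructed-id-1", expiry, now=t0)
    replay = cache.accept("_constructed-id-1", expiry, now=t0 + timedelta(minutes=1))
    late = cache.accept("_constructed-id-1", expiry, now=t0 + timedelta(minutes=6))
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```

In a deployment with more than one application instance, the cache has to be shared between instances, because an in-process dictionary only detects replays that reach the same process.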

Weakness Enumeration

Related Identifiers

CVE-2020-5261
GHSA-G6J2-CH25-5MMV

Affected Products

Sustainsys.Saml2