#VU26503 Authentication Bypass by Capture-replay in Sustainsys.Saml2


Published: 2020-04-01

Vulnerability identifier: #VU26503

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5261

CWE-ID: CWE-294

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sustainsys.Saml2
Universal components / Libraries / Libraries used by multiple products

Vendor: Sustainsys

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to improper implementation of Token Replay Detection. A remote authenticated attacker can bypass authentication process.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Sustainsys.Saml2: 2.0.0 - 2.4.0

External links
http://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241
http://github.com/Sustainsys/Saml2/issues/711
http://github.com/Sustainsys/Saml2/security/advisories/GHSA-g6j2-ch25-5mmv

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Authentication Bypass in Sustainsys Saml2