How severe is CVE-2020-5261?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-5261?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2020-5261 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.

Related Vulnerabilities

CVE-2020-12355

MEDIUM

CVSS:6.8(Medium)

Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of p...

CWE-2942020

CVE-2020-13799

MEDIUM

CVSS:6.8(Medium)

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of...

CWE-2942020

CVE-2020-4042

MEDIUM

CVSS:6.8(Medium)

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connec...

CWE-2942020

CVE-2021-40170

MEDIUM

CVSS:6.8(Medium)

An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by repla...

CWE-2942021

CVE-2022-30467

MEDIUM

CVSS:6.8(Medium)

Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.

CWE-2942022

CVE-2022-47930

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easie...

CWE-2942022