VYPR

NuGet package

sustainsys.saml2

pkg:nuget/sustainsys.saml2

Vulnerabilities (3)

  • CVE-2023-41890Sep 19, 2023
    affected < 1.0.3fixed 1.0.3

    Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a mal

  • CVE-2020-5268Apr 21, 2020
    affected < 1.0.2fixed 1.0.2

    In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the

  • CVE-2020-5261Mar 25, 2020
    affected >= 2.0.0, < 2.5.0fixed 2.5.0

    Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.