GHSA-9jr3-rj99-8jq3MediumCVSS 5.9
CoreWCF: SAML token replay protection is inoperative
🔗 CVE IDs covered (1)
📋 Description
Impact
When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Provide your own implementation of ITokenReplayCache with the correct behavior.
🎯 Affected products2
- nuget/CoreWCF.Primitives:< 1.8.1
- nuget/CoreWCF.Primitives:>= 1.9.0, < 1.9.1