WRITEUP

WRITEUP

Exploit for CVE-2020-5268 - Sustainsys Saml2 < 1.0.2 - Authentication Bypass

AI Analysis

This is a patch file addressing CVE-2020-5268, which fixes token replay detection in the Sustainsys.Saml2 library. The patch modifies token validation logic to properly handle replay attacks by correcting the expiration time used for replay detection.

Attack Type

auth_bypass

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1550.003 - Pass the Ticket

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241

Authors

Anders Abel

Vulnerability

CVE-2020-5268

Sustainsys Saml2 < 1.0.2 - Authentication Bypass

MEDIUM

CVSS 6.5