How severe is CVE-2020-5268?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2020-5268?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2020-5268 - HIGH Severity | CVSS 7.3

Vulnerability Description

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0.

Related Vulnerabilities

CVE-2024-34722

HIGH

CVSS:7.4(High)

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege wit...

CWE-3032024

CVE-2021-21902

HIGH

CVSS:7.5(High)

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authenticat...

CWE-3032021

CVE-2022-33736

HIGH

CVSS:7.5(High)

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validat...

CWE-3032022

CVE-2022-41985

HIGH

CVSS:7.5(High)

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and...

CWE-3032022

CVE-2023-25957

HIGH

CVSS:7.5(High)

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9...

CWE-3032023

CVE-2024-26248

HIGH

CVSS:7.5(High)

Windows Kerberos Elevation of Privilege Vulnerability

CWE-3032024