SAML Replay

bugcrowd · Nov 17, 2024 · 9dd376b · 9dd376b
1 parent 5c0a021
commit 9dd376b
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -391,6 +391,15 @@
             }
           ]
         },
+        {
+          "id": "saml_replay",
+          "children": [
+            {
+              "id": "no_expiration",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+            }
+          ]
+        },        
         {
           "id": "session_fixation",
           "children": [

diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
@@ -232,6 +232,15 @@
               "cwe": ["CWE-311"]
             }
           ]
+        },
+        {
+          "id": "saml_replay",
+          "children": [
+            {
+              "id": "no_expiration",
+              "cwe": ["CWE-294"]
+            }
+          ]
         }
       ]
     },

diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -721,6 +721,13 @@
             "https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)"
           ]
         },
+        {
+          "id": "saml_replay",
+          "references": [
+            "https://snyk.io/blog/common-saml-vulnerabilities-remediate/",
+            "https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"
+          ]
+        },
         {
           "id": "cleartext_transmission_of_session_token",
           "remediation_advice": "Ensure that session tokens are transmitted over protected channels at all times. If the secure cookie flag is not an option ensure that the application does not support unencrypted communication.",