dotnet · CoreWCF.Primitives · Critical
CoreWCF.Primitives SAML 1.1 token validation bypass
What changed
Security advisory: SAML 1.1 token validation bypass in CoreWCF.Primitives. Two exploit shapes: holder-of-key downgrade (an attacker can present a holder-of-key assertion without the proof key, so the assertion is accepted without the requester ever demonstrating possession of the key it names) and custom-method bypass (an attacker can use a non-standard subject confirmation method URI, which is accepted instead of being rejected as unknown).
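As an added illustration (not CoreWCF's own code and not the fix shipped in the patched releases), the following Python shows the subject-confirmation checks a relying party has to make before honouring a SAML 1.1 assertion, exercised against constructed sample assertions that mirror the two exploit shapes above: a holder-of-key assertion with no proof key, and an assertion with a made-up confirmation method URI. The function name `check_subject_confirmation`, the `proven_key_name` parameter and the sample assertions are this example's own; comparing `ds:KeyName` against the key the requester proved possession of is a simplified stand-in for matching the message-signing key to the key material in the assertion, and XML signature verification of the assertion itself is assumed to have already been done.

```python
"""Subject-confirmation checks for SAML 1.1 assertions (illustrative, not CoreWCF code)."""
from typing import List, Optional
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
CM_BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer"
CM_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
# Allow-list: only methods the relying party knows how to enforce. Anything else is an error,
# never "no requirement".
ALLOWED_METHODS = {CM_HOLDER_OF_KEY, CM_BEARER, CM_SENDER_VOUCHES}


class TokenValidationError(Exception):
    """Raised when an assertion's subject confirmation cannot be honoured."""


def _q(ns: str, local: str) -> str:
    return "{%s}%s" % (ns, local)


def check_subject_confirmation(assertion_xml: str, proven_key_name: Optional[str] = None) -> List[str]:
    """Return the confirmation methods that were satisfied, or raise TokenValidationError.

    proven_key_name identifies the key the requester has already demonstrated possession of
    at the message layer (e.g. the key that signed the SOAP body); None means no proof of
    possession was performed. Signature verification of the assertion is assumed done.
    """
    root = ET.fromstring(assertion_xml)
    if root.tag != _q(SAML11, "Assertion"):
        raise TokenValidationError("not a SAML 1.1 assertion")

    confirmations = root.findall(".//" + _q(SAML11, "SubjectConfirmation"))
    if not confirmations:
        raise TokenValidationError("assertion has no SubjectConfirmation")

    satisfied: List[str] = []
    for sc in confirmations:
        methods = [(m.text or "").strip() for m in sc.findall(_q(SAML11, "ConfirmationMethod"))]
        if not methods:
            raise TokenValidationError("SubjectConfirmation without ConfirmationMethod")
        for method in methods:
            if method not in ALLOWED_METHODS:
                # Custom-method bypass: an unknown URI must fail closed.
                raise TokenValidationError("unsupported confirmation method %r" % method)
            if method == CM_HOLDER_OF_KEY:
                # Holder-of-key downgrade: the assertion must name a key AND the requester
                # must have proved possession of that very key.
                key_info = sc.find(_q(DSIG, "KeyInfo"))
                key_name = key_info.findtext(_q(DSIG, "KeyName")) if key_info is not None else None
                if not key_name:
                    raise TokenValidationError("holder-of-key assertion carries no proof key")
                if proven_key_name is None or proven_key_name != key_name.strip():
                    raise TokenValidationError("requester did not prove possession of the holder-of-key key")
            satisfied.append(method)
    return satisfied


def rejects(assertion_xml: str, proven_key_name: Optional[str] = None) -> bool:
    """True if the assertion is refused; convenient for the examples below."""
    try:
        check_subject_confirmation(assertion_xml, proven_key_name)
    except TokenValidationError:
        return True
    return False


# --- Constructed sample assertions (not real tokens) ---------------------------------------
def _assertion(subject_confirmation: str) -> str:
    return (
        '<saml:Assertion xmlns:saml="%s" xmlns:ds="%s" MajorVersion="1" MinorVersion="1" '
        'AssertionID="_a1" Issuer="https://sts.example.test" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" '
        'AuthenticationInstant="2024-01-01T00:00:00Z"><saml:Subject>'
        '<saml:NameIdentifier>alice</saml:NameIdentifier>%s'
        '</saml:Subject></saml:AuthenticationStatement></saml:Assertion>'
    ) % (SAML11, DSIG, subject_confirmation)


BEARER_ASSERTION = _assertion(
    "<saml:SubjectConfirmation><saml:ConfirmationMethod>%s</saml:ConfirmationMethod>"
    "</saml:SubjectConfirmation>" % CM_BEARER)
HOK_ASSERTION = _assertion(
    "<saml:SubjectConfirmation><saml:ConfirmationMethod>%s</saml:ConfirmationMethod>"
    "<ds:KeyInfo><ds:KeyName>client-cert-01</ds:KeyName></ds:KeyInfo></saml:SubjectConfirmation>" % CM_HOLDER_OF_KEY)
HOK_NO_KEY_ASSERTION = _assertion(
    "<saml:SubjectConfirmation><saml:ConfirmationMethod>%s</saml:ConfirmationMethod>"
    "</saml:SubjectConfirmation>" % CM_HOLDER_OF_KEY)
CUSTOM_METHOD_ASSERTION = _assertion(
    "<saml:SubjectConfirmation><saml:ConfirmationMethod>urn:example:cm:trust-me</saml:ConfirmationMethod>"
    "</saml:SubjectConfirmation>")

if __name__ == "__main__":
    print("bearer accepted:", check_subject_confirmation(BEARER_ASSERTION))
    print("hok with proof accepted:", check_subject_confirmation(HOK_ASSERTION, "client-cert-01"))
    print("hok without proof rejected:", rejects(HOK_ASSERTION))
    print("hok without key rejected:", rejects(HOK_NO_KEY_ASSERTION, "client-cert-01"))
    print("custom method rejected:", rejects(CUSTOM_METHOD_ASSERTION))
```

The two checks that matter are the fail-closed allow-list on the method URI and the rule that holder-of-key is satisfied only when the key named in the assertion is the key the requester actually proved possession of; a relying party that treats an unrecognised method, or a holder-of-key assertion with no accompanying proof, the same way it treats a bearer token is exactly what the advisory describes.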
Who it affects
Services configured to accept SAML 1.1 tokens via federation (e.g., WS2007FederationHttpBinding, WSFederationHttpBinding, or custom bindings with IssuedSecurityTokenParameters and SAML 1.1 token type).
What to do today
Upgrade CoreWCF to v1.8.1 or v1.9.1 immediately.