dotnet · CoreWCF.PrimitivesHeads-up
CoreWCF.Primitives Token Replay Detection Bypass
A security advisory was published for CoreWCF.
What changed
A security advisory was published for CoreWCF.Primitives. When DetectReplayedTokens is enabled, a token can be replayed and will be detected despite it being reused.
Who it affects
Users of CoreWCF.Primitives who enable DetectReplayedTokens and are on versions prior to v1.8.1 or v1.9.1.
What to do today
Update CoreWCF.Primitives to v1.8.1 or v1.9.1, or implement a custom ITokenReplayCache as a workaround.
The trail
Collected→
Audited→
Written→
Published