SAML Replay - P5

Adding: P5 - Broken Authentication and Session Management - SAML Replay
bugcrowd · Jan 12, 2025 · c219d8b · c219d8b
1 parent 5c0a021
commit c219d8b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -366,6 +366,10 @@
           "id": "authentication_bypass",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
         },
+        {
+          "id": "saml_replay",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+        },
         {
           "id": "two_fa_bypass",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"

diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -721,6 +721,13 @@
             "https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)"
           ]
         },
+        {
+          "id": "saml_replay",
+          "references": [
+            "https://snyk.io/blog/common-saml-vulnerabilities-remediate/",
+            "https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"
+          ]
+        },
         {
           "id": "cleartext_transmission_of_session_token",
           "remediation_advice": "Ensure that session tokens are transmitted over protected channels at all times. If the secure cookie flag is not an option ensure that the application does not support unencrypted communication.",

diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
@@ -747,6 +747,12 @@
           "type": "subcategory",
           "priority": 1
         },
+        {
+          "id": "saml_replay",
+          "name": "SAML Replay",
+          "type": "subcategory",
+          "priority": 5
+        },    
         {
           "id": "two_fa_bypass",
           "name": "Second Factor Authentication (2FA) Bypass",