### Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. #### Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver (commonly the IssuerTokenResolver of IssuedTokenServiceCredential) holds a non-X.509 SecurityToken whose key identifier the attacker can reference in the assertion’s `<KeyInfo>` - for example a `BinarySecretSecurityToken` representing the symmetric proof key issued by a WS-Trust symmetric-key holder-of-key STS. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds None
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free