Description
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
Problem types
CWE-290: Authentication Bypass by Spoofing
CWE-347: Improper Verification of Cryptographic Signature
Product status
< 1.8.1
References
github.com/...oreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v
github.com/...ommit/0b8c8af851260e85e8402af53233d1b8f87dfb6f
github.com/...ommit/0e63c2cca55763d8be6b226a234579280a09e7b6
github.com/...ommit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d
github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1