SAML Replay - P5 (#433)

TimmyBugcrowd · abhinav-nain · web-flow · commit 14d683a54ffb · 2025-01-16T13:32:32.000-05:00
* SAML Replay - P5

Adding:
P5 - Broken Authentication and Session Management - SAML Replay

* Additional Files

---------

Co-authored-by: Abhinav Nain &lt;abhinav.nain@bugcrowd.com&gt;
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -302,6 +302,10 @@
             }
           ]
         },
+        {
+          "id": "saml_replay",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+        },
         {
           "id": "session_fixation",
           "children": [
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -469,6 +469,13 @@
             }
           ]
         },
+        {
+          "id": "saml_replay",
+          "references": [
+            "https://snyk.io/blog/common-saml-vulnerabilities-remediate/",
+            "https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"
+          ]
+        },
         {
           "id": "session_fixation",
           "remediation_advice": "Always regenerate the session token after the users properly authenticate.",
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
@@ -83,6 +83,7 @@
   "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_password_change&redirect=true",
   "broken_authentication_and_session_management.failure_to_invalidate_session.on_two_fa_activation_change": null,
   "broken_authentication_and_session_management.failure_to_invalidate_session.permission_change": null,
+  "broken_authentication_and_session_management.saml_replay": null,
   "broken_authentication_and_session_management.session_fixation": null,
   "broken_authentication_and_session_management.session_fixation.local_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:local_attack_vector&redirect=true",
   "broken_authentication_and_session_management.session_fixation.remote_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:remote_attack_vector&redirect=true",
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
@@ -526,6 +526,12 @@
             }
           ]
         },
+        {
+          "id": "saml_replay",
+          "name": "SAML Replay",
+          "type": "subcategory",
+          "priority": 5
+        },
         {
           "id": "session_fixation",
           "name": "Session Fixation",

Original file line number	Diff line number	Diff line change
`@@ -302,6 +302,10 @@`
`302`	`302`	`}`
`303`	`303`	`]`
`304`	`304`	`},`
	`305`	`+ {`
	`306`	`+ "id": "saml_replay",`
	`307`	`+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"`
	`308`	`+ },`
`305`	`309`	`{`
`306`	`310`	`"id": "session_fixation",`
`307`	`311`	`"children": [`
Original file line number	Diff line number	Diff line change
`@@ -469,6 +469,13 @@`
`469`	`469`	`}`
`470`	`470`	`]`
`471`	`471`	`},`
	`472`	`+ {`
	`473`	`+ "id": "saml_replay",`
	`474`	`+ "references": [`
	`475`	`+ "https://snyk.io/blog/common-saml-vulnerabilities-remediate/",`
	`476`	`+ "https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"`
	`477`	`+ ]`
	`478`	`+ },`
`472`	`479`	`{`
`473`	`480`	`"id": "session_fixation",`
`474`	`481`	`"remediation_advice": "Always regenerate the session token after the users properly authenticate.",`
Original file line number	Diff line number	Diff line change
`@@ -526,6 +526,12 @@`
`526`	`526`	`}`
`527`	`527`	`]`
`528`	`528`	`},`
	`529`	`+ {`
	`530`	`+ "id": "saml_replay",`
	`531`	`+ "name": "SAML Replay",`
	`532`	`+ "type": "subcategory",`
	`533`	`+ "priority": 5`
	`534`	`+ },`
`529`	`535`	`{`
`530`	`536`	`"id": "session_fixation",`
`531`	`537`	`"name": "Session Fixation",`