Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22032 | APP3930 | SV-25358r1_rule | DCSQ-1 | Medium |
Description |
---|
Multiple OneTimeUse elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-04-03 |
Check Text ( C-27027r1_chk ) |
---|
Examine the contents of a SOAP message using the OneTimeUse element, all messages should contain only one instance of a OneTimeUse element in a SAML assertion. This can be accomplished using a protocol analyzer such as WireShark 1) If SOAP message uses more than one, OneTimeUse element in a SAML assertion, it is a finding. |
Fix Text (F-23100r1_fix) |
---|
When using OneTimeUse elements in a SAML assertion only allow one, OneTimeUse element to be used in the Conditions element of a SAML assertion. |