Security Risk Category
replay-attack Security Risks
Published vulnerability pages connected to replay-attack. One risk can appear in multiple categories while keeping one canonical page.
replay-attack risks
Showing 2 of 2 published risks.
CoreWCF SAML Token Replay Cache Bypass Vulnerability
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
Updated Jul 10, 2026
CoreWCF WS-Security Signature Target Replay Vulnerability
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
Updated Jul 10, 2026
