Validity periods must be verified on all application messages using WS-Security or SAML assertions.

An XCCDF Rule

Details
Profiles

Description

When using WS-Security in SOAP messages, the application should check the validity of the time stamps with creation and expiration times. Time stamps that are not validated may lead to a replay event and provide immediate unauthorized access of the application. Unauthorized access results in an immediate loss of confidentiality.

ID: SV-222400r960759_rule
Version: APSC-DV-000200
Severity: High
References: CCI-000068
Updated: about 2 months ago

Remediation Templates

Design and configure the application to use validity periods, ensure validity periods are verified on all WS-Security token profiles and SAML Assertions.

Validity periods must be verified on all application messages using WS-Security or SAML assertions.

Description

Remediation Templates

A Manual Procedure