The application must ensure if a OneTimeUse element is used in an assertion, there is only one of the same used in the Conditions element portion of an assertion.

An XCCDF Rule

Details
Profiles

Description

Multiple <OneTimeUse> elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly.

ID: SV-222405r960759_rule
Version: APSC-DV-000250
Severity: Medium
References: CCI-000068
Updated: about 2 months ago

Remediation Templates

When using OneTimeUse elements in a SAML assertion only allow one, OneTimeUse element to be used in the conditions element of a SAML assertion.

The application must ensure if a OneTimeUse element is used in an assertion, there is only one of the same used in the Conditions element portion of an assertion.

Description

Remediation Templates

A Manual Procedure