@@ -191,14 +191,14 @@ a trusted and expected URL.
191191Read more about Open Redirect [ CWE-601] ( https://cwe.mitre.org/data/definitions/601.html ) .
192192
193193
194- ### Avoiding Reply attacks ###
194+ ### Avoiding Replay attacks ###
195195
196- A reply attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).
196+ A replay attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).
197197
198198SAML Messages have a limited timelife (NotBefore, NotOnOrAfter) that
199199make harder this kind of attacks, but they are still possible.
200200
201- In order to avoid them, the SP can keep a list of SAML Messages or Assertion IDs alredy valdidated and processed. Those values only need
201+ In order to avoid them, the SP can keep a list of SAML Messages or Assertion IDs alredy validated and processed. Those values only need
202202to be stored the amount of time of the SAML Message life time, so
203203we don't need to store all processed message/assertion Ids, but the most recent ones.
204204
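Review bot: the new line 201 still carries the misspelling "alredy" (should be "already") immediately before the corrected "validated", so the typo pass is incomplete; suggest `the SP can keep a list of SAML Messages or Assertion IDs already validated and processed.` The new line 196 likewise keeps the ungrammatical "is basically try to reuse"; since the line is being rewritten anyway, `A replay attack is basically an attempt to reuse an intercepted valid SAML Message ...` would read correctly. The unchanged context lines 198-199 ("timelife", "make harder this kind of attacks") have the same class of errors but are outside this change.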