CVE-2024-5249

5.4 MEDIUM

📋 TL;DR

This vulnerability allows attackers to replay SAML tokens in Akana API Platform, potentially enabling unauthorized access to protected resources. Organizations using Akana API Platform versions before 2024.1.0 are affected. The issue stems from insufficient validation of token uniqueness.

💻 Affected Systems

Products:
  • Akana API Platform
Versions: All versions prior to 2024.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using SAML authentication. The vulnerability exists in the SAML token validation mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If the replayed token belongs to an administrator, attackers could gain unauthorized administrative access, compromise sensitive API data, or perform actions as legitimate users.

🟠 Likely Case

Attackers could gain unauthorized access to user accounts or protected API endpoints by reusing captured SAML tokens.

🟢 If Mitigated

With short token lifetimes and monitoring for reuse, a captured token is usable only until its expiry, so impact would be limited to brief unauthorized access windows.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires capturing valid SAML tokens, which typically requires some level of network access or position.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1.0

Vendor Advisory: https://portal.perforce.com/s/detail/a91PA000001SUH7YAO

Restart Required: Yes

Instructions:

1. Download Akana API Platform 2024.1.0 or later.
2. Back up the current configuration and data.
3. Install the updated version following vendor documentation.
4. Restart all Akana services.

🔧 Temporary Workarounds

Reduce SAML Token Lifetime (applies to: all)

Configure shorter SAML token validity periods to limit the replay window: a captured token can only be replayed until its expiry, so this reduces exposure but does not remove it.

Configure in Akana admin console: Security > SAML > Token Settings

Enable Token Replay Detection (applies to: all)

Configure additional logging and monitoring for token reuse attempts. This makes replays visible; it does not block them.

Enable audit logging for SAML token validation events

🧯 If You Can't Patch

  • Implement network segmentation to limit access to SAML endpoints
  • Deploy WAF rules to detect and block suspicious token reuse patterns (the WAF must decode the base64-encoded SAMLResponse to see the assertion ID)
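As an added illustration (not Akana code or vendor configuration), the following Python models the check the TL;DR describes as missing. A validator that enforces only the assertion's validity window accepts a captured assertion for as long as that window lasts, which is why the shorter-lifetime workaround above only narrows the exposure; a validator that also consumes the assertion ID rejects the second presentation outright. The assertion XML, timestamps, class names and the five-minute lifetime policy are constructed for the example, and signature verification is assumed to have passed before this step.

```python
"""Added example: SAML assertion acceptance with and without replay protection.

Not Akana code. Models the check the TL;DR describes as missing: a validator
that enforces only the validity window accepts a captured assertion for as
long as the window lasts, while one that also consumes the assertion ID
rejects the second presentation. Signature verification is assumed to have
already passed before this step.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion with a five-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3d4e5f60718293a4b5c6d7e8f90" Version="2.0" IssueInstant="2024-05-20T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-20T10:00:00Z" NotOnOrAfter="2024-05-20T10:05:00Z"/>
</saml:Assertion>"""


@dataclass
class Assertion:
    id: str
    subject: str
    not_before: datetime
    not_on_or_after: datetime


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text):
    root = ET.fromstring(xml_text)
    conditions = root.find("saml:Conditions", SAML_NS)
    return Assertion(
        id=root.attrib["ID"],
        subject=root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        not_before=parse_time(conditions.attrib["NotBefore"]),
        not_on_or_after=parse_time(conditions.attrib["NotOnOrAfter"]),
    )


class WeakValidator:
    """Checks only the validity window: every capture inside it can be replayed."""

    def accept(self, assertion, now):
        if not (assertion.not_before <= now < assertion.not_on_or_after):
            return False, "outside validity window"
        return True, "accepted"


class ReplaySafeValidator:
    """Validity window, a lifetime cap, and one-time use of the assertion ID.

    Consumed IDs only need to be remembered until their NotOnOrAfter, because
    after that the window check rejects the assertion on its own.
    """

    def __init__(self, max_lifetime_seconds=300):
        self.max_lifetime = timedelta(seconds=max_lifetime_seconds)
        self._consumed = {}  # assertion ID -> NotOnOrAfter

    def _evict_expired(self, now):
        for aid, expiry in list(self._consumed.items()):
            if expiry <= now:
                del self._consumed[aid]

    def accept(self, assertion, now):
        self._evict_expired(now)
        if not (assertion.not_before <= now < assertion.not_on_or_after):
            return False, "outside validity window"
        if assertion.not_on_or_after - assertion.not_before > self.max_lifetime:
            return False, "validity window longer than policy allows"
        if assertion.id in self._consumed:
            return False, "replay: assertion ID already consumed"
        self._consumed[assertion.id] = assertion.not_on_or_after
        return True, "accepted"


def run_scenario(validator):
    """Legitimate login, an attacker's replay inside the window, a replay after expiry."""
    assertion = parse_assertion(SAMPLE_ASSERTION)
    presentations = (
        parse_time("2024-05-20T10:00:30Z"),  # user's own login
        parse_time("2024-05-20T10:02:00Z"),  # captured assertion replayed
        parse_time("2024-05-20T10:06:00Z"),  # replayed after NotOnOrAfter
    )
    return [validator.accept(assertion, t)[0] for t in presentations]


if __name__ == "__main__":
    print("window-only validator:", run_scenario(WeakValidator()))        # [True, True, False]
    print("replay-safe validator:", run_scenario(ReplaySafeValidator()))  # [True, False, False]
```

The window-only validator accepts the replay at 10:02 because nothing distinguishes the second presentation from the first; shortening NotOnOrAfter only moves the cut-off earlier. The replay-safe validator keeps each consumed ID only until its own expiry, so the cache stays bounded by the number of assertions issued per lifetime rather than growing without limit.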

🔍 How to Verify

Check if Vulnerable:

Vulnerable if the installed version is earlier than 2024.1.0 and SAML authentication is in use. Check the version in the admin console or with the command below.

Check Version:

java -jar akana-admin.jar version

Verify Fix Applied:

Confirm the version is 2024.1.0 or later, then, in a test environment, re-submit a SAML assertion that was already accepted once: a patched instance should reject the duplicate assertion ID.

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful authentications with the same SAML token (assertion) ID
  • SAML token validation failures with duplicate IDs

Network Indicators:

  • Repeated SAML assertions from the same source
  • The same assertion ID submitted from more than one source address
  • Unusual timing patterns in SAML requests

SIEM Query (adjust the message strings to the wording used in your Akana logs):

source="akana" AND ("SAML token replay" OR "duplicate token" OR "token validation failed")
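The following Python, added here and not part of this page or of any Akana tooling, runs the duplicate-assertion-ID logic from the log indicators above over a handful of constructed log lines. The key=value log format, field names, assertion IDs and addresses are assumptions for the example; real Akana audit lines will need a different parse_line().

```python
"""Added example: flag reused SAML assertion IDs in authentication logs.

Not Akana tooling. The key=value log format and field names below are
assumptions for the example; adapt parse_line() to the real audit format.
Two signals are reported: an assertion ID accepted more than once (the
replay succeeded) and an ID whose repeat was rejected (attempt blocked).
"""
import re
from collections import defaultdict

# Constructed sample log lines (RFC 5737 addresses, made-up assertion IDs).
SAMPLE_LOGS = """\
2024-05-20T10:00:31Z INFO saml.auth assertion_id=_a1b2c3d4 subject=alice src=10.0.0.5 result=success
2024-05-20T10:00:45Z INFO saml.auth assertion_id=_f00dbabe subject=bob src=10.0.0.9 result=success
2024-05-20T10:01:02Z INFO saml.auth assertion_id=_c0ffee01 subject=carol src=10.0.0.12 result=success
2024-05-20T10:02:10Z INFO saml.auth assertion_id=_a1b2c3d4 subject=alice src=203.0.113.7 result=success
2024-05-20T10:03:00Z INFO saml.auth assertion_id=_a1b2c3d4 subject=alice src=203.0.113.7 result=success
2024-05-20T10:04:12Z WARN saml.auth assertion_id=_f00dbabe subject=bob src=198.51.100.23 result=failure reason=duplicate_id
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>\w+) saml\.auth (?P<kv>.*)$")


def parse_line(line):
    """Return the line's fields as a dict, or None for lines that are not SAML auth events."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    fields = dict(pair.split("=", 1) for pair in match.group("kv").split() if "=" in pair)
    fields["ts"] = match.group("ts")
    fields["level"] = match.group("level")
    return fields


def find_replays(log_text):
    """One finding per assertion ID that shows up in more than one authentication event."""
    events_by_id = defaultdict(list)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and "assertion_id" in fields:
            events_by_id[fields["assertion_id"]].append(fields)

    findings = []
    for aid, events in events_by_id.items():
        if len(events) < 2:
            continue  # normal single-use assertion
        accepted = [e for e in events if e.get("result") == "success"]
        sources = sorted({e["src"] for e in events})
        if len(accepted) >= 2:
            status, severity = "replayed: accepted more than once", "high"
        else:
            status, severity = "replay attempt rejected", "medium"
        findings.append({
            "assertion_id": aid,
            "subject": events[0].get("subject"),
            "events": len(events),
            "accepted": len(accepted),
            "sources": sources,
            "status": status,
            "severity": severity,
            "first_seen": events[0]["ts"],
            "last_seen": events[-1]["ts"],
        })
    return findings


if __name__ == "__main__":
    for finding in find_replays(SAMPLE_LOGS):
        print(finding)
```

On the sample input alice's assertion is reported as high (accepted three times, from two different source addresses, which is the strongest indicator in the list above), bob's as medium (the repeat was rejected as a duplicate, the post-patch signature), and carol's single use produces no finding.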
