Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Active Directory Federation Services information leakage
Published:18.11.2014
Source:
SecurityVulns ID:14093
Type:remote
Threat Level:
5/10
Description:It's possible to access closed session.
Affected:MICROSOFT : ADFS 2.0
 MICROSOFT : ADFS 2.1
 MICROSOFT : ADFS 3.0
CVE:CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability.")
Files: Microsoft Security Bulletin MS14-077 - Important Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod