Computer Security
[EN] securityvulns.ru no-pyccku


Active Directory Federation Services information disclosure
Published:16.04.2015
Source:
SecurityVulns ID:14387
Type:remote
Threat Level:
5/10
Description:Invalid session logoff.
Affected:MICROSOFT : Active Directory Federation Services 3.0
CVE:CVE-2015-1638 (Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability.")
Files: Microsoft Security Bulletin MS15-040 - Important Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod