Skip to main content

Microsoft Windows Active Directory Federation Services (ADFS) Multiple Vulnerabilities( 09 December 2009 )

Last Update Date: 28 Jan 2011 Release Date: 9 Dec 2009 5191 Views

RISK: Medium Risk

1. Single Sign On Spoofing in ADFS Vulnerability

spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign on.

2. Remote Code Execution in ADFS Vulnerability

A remote code execution vulnerability exists in implementations of Active Directory Federation Services (ADFS). The vulnerability is due to incorrect validation of request headers when an authenticated user connects to an ADFS enabled Web server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.