New Search

ADFS Spoofing Vulnerability - CVE-2020-0837

oval:org.cisecurity:def:8331

A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could bypass some but not all of the authentication factors. This security update corrects how ADFS handles multi-factor authentication requests.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2020-0837
  • MSRC-CVE-2020-0837
  • KB4577015
  • KB4570333
  • KB4574727
Product(s):