New Search

Active Directory Federation Services information disclosure vulnerability - CVE-2014-6331 (MS14-077)

oval:org.mitre.oval:def:28173

Microsoft Active Directory Federation Services (AD FS) 2.0 2.1 and 3.0 when a configured SAML Relying Party lacks a sign-out endpoint does not properly process logoff actions which makes it easier for remote attackers to obtain access by leveraging an unattended workstation aka "Active Directory Federation Services Information Disclosure Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012 R2
Class:
vulnerability
Reference(s):
  • CVE-2014-6331
Product(s):
  • Microsoft Active Directory Federation Services