Check: 2013-B-0087
Windows 2012 IAVM: 2013-B-0087 (in version v1 r30)
Title
Microsoft Active Directory Federation Services (ADFS) Information Disclosure Vulnerability (Cat I impact)
Discussion
Microsoft has released a security bulletin addressing a vulnerability in Active Directory Federation Services (AD FS). AD FS helps authenticate users to multiple, related Web applications throughout the duration of a single online session. An attacker exploiting this vulnerability would reveal information pertaining to the service account used by AD FS. If successfully exploited, this vulnerability would allow an attacker to disclose account information, resulting in denial of service for all applications relying on the AD FS instance.
Check Content
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-40043
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |