Information Disclosure Vulnerability in Microsoft Active Directory Federation Services
CVE-2013-3185

Currently unrated

Key Information:

Vendor

Microsoft
Status
Active Directory Federation Services
Vendor
CVE Published:
14 August 2013

What is CVE-2013-3185?

This vulnerability within Microsoft Active Directory Federation Services (AD FS) allows for the unauthorized access to sensitive information about the service account. A successful exploit can lead to remote attackers conducting account-lockout attacks through specific endpoint connections. This poses significant risks to user accounts and overall system integrity, particularly on affected versions operating on Windows Server platforms.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.us-cert.gov/ncas/alerts/TA13-225A
third-party-advisoryx_refsource_CERT

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.