CVE-2013-3185

Currently unrated

Key Information:

Vendor: Microsoft
Status: Active Directory Federation Services
Vendor: CVE Published:; 14 August 2013

Summary

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/ncas/alerts/TA13-225A

third-party-advisoryx_refsource_CERT

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2013
Vulnerability Reserved
Apr 17, 2013

Collectors

NVD DatabaseMitre Database