Information Disclosure Vulnerability in Microsoft Active Directory Federation Services
CVE-2014-6331

Currently unrated

Key Information:

Vendor: Microsoft
Status: Active Directory Federation Services
Vendor: CVE Published:; 11 November 2014

What is CVE-2014-6331?

In Microsoft Active Directory Federation Services (AD FS) versions 2.0, 2.1, and 3.0, an improper handling of logoff actions occurs when a configured SAML Relying Party lacks a proper sign-out endpoint. This oversight can potentially allow remote attackers to exploit unattended workstations to gain unauthorized access to sensitive information, heightening the risk of information disclosure. Addressing this vulnerability is essential to maintain the integrity of security protocols and protect user data.

References

http://blogs.technet.com/b/srd/archive/2014/11/11/assessi...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1031195

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

33% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2014
Vulnerability Reserved
Sep 11, 2014