CVE-2014-6331

Currently unrated

Key Information:

Vendor: Microsoft
Status: Active Directory Federation Services
Vendor: CVE Published:; 11 November 2014

Summary

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

References

http://blogs.technet.com/b/srd/archive/2014/11/11/assessi...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1031195

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
Nov 11, 2014
Vulnerability Reserved
Sep 11, 2014

Collectors

NVD DatabaseMitre Database