Information Disclosure Vulnerability in Microsoft Active Directory Federation Services
CVE-2014-6331

Currently unrated

Key Information:

Vendor: Microsoft

CVE Published: 11 November 2014

What is CVE-2014-6331?

Microsoft Active Directory Federation Services (AD FS) versions 2.0, 2.1, and 3.0 do not properly handle logoff actions when a configured SAML Relying Party lacks a sign-out endpoint. This can potentially allow remote attackers to exploit unattended workstations to gain unauthorized access to sensitive information, heightening the risk of information disclosure. Addressing this vulnerability is essential to maintain the integrity of security protocols and protect user data.

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved