Information Disclosure Vulnerability in Microsoft Active Directory Federation Services
CVE-2014-6331
Currently unrated
Key Information:
- Vendor: Microsoft
- CVE Published: 11 November 2014
What is CVE-2014-6331?
Microsoft Active Directory Federation Services (AD FS) versions 2.0, 2.1, and 3.0 handle logoff actions improperly when a configured SAML Relying Party lacks a proper sign-out endpoint. This can potentially allow remote attackers to leverage unattended workstations to gain unauthorized access to sensitive information, raising the risk of information disclosure. Addressing this vulnerability is essential to maintain the integrity of security protocols and protect user data.
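To find the relying parties that match the condition described above, the following added example (not code from Microsoft or from this advisory) lists SAML relying party trusts that have no `SAMLLogout` endpoint. It assumes trust objects shaped like the output of `Get-AdfsRelyingPartyTrust` (`Name`, `Identifier`, `Enabled`, `SamlEndpoints` with a `Protocol` property); the function names and the sample trusts are hypothetical and constructed for illustration.

```powershell
# Added example: report SAML relying party trusts with no sign-out (SAMLLogout) endpoint.
function Find-RelyingPartyWithoutSamlLogout {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$RelyingPartyTrust
    )
    process {
        # Drop $null so a trust without SAML endpoints yields an empty array.
        $endpoints = @($RelyingPartyTrust.SamlEndpoints | Where-Object { $_ })
        # WS-Federation-only trusts have no SAML endpoints and are out of scope here.
        if ($endpoints.Count -eq 0) { return }

        $logout = @($endpoints | Where-Object { $_.Protocol -eq 'SAMLLogout' })
        if ($logout.Count -eq 0) {
            $protocols = $endpoints | ForEach-Object { $_.Protocol } | Sort-Object -Unique
            New-Object PSObject -Property @{
                Name          = $RelyingPartyTrust.Name
                Identifier    = $RelyingPartyTrust.Identifier -join ', '
                Enabled       = $RelyingPartyTrust.Enabled
                SamlProtocols = $protocols -join ', '
            } | Select-Object Name, Identifier, Enabled, SamlProtocols
        }
    }
}

# Hypothetical helper that builds constructed sample trusts (not real configuration).
function New-SampleTrust($Name, $Identifier, [string[]]$Protocols) {
    $eps = @($Protocols | ForEach-Object {
        New-Object PSObject -Property @{
            Protocol = $_
            Binding  = 'POST'
            Location = "https://$Name.example.test/saml"
        }
    })
    New-Object PSObject -Property @{
        Name = $Name; Identifier = @($Identifier); Enabled = $true; SamlEndpoints = $eps
    }
}

$sample = @(
    (New-SampleTrust 'hr-portal'    'urn:example:hr'    @('SAMLAssertionConsumer', 'SAMLLogout')),
    (New-SampleTrust 'wiki'         'urn:example:wiki'  @('SAMLAssertionConsumer')),
    (New-SampleTrust 'legacy-wsfed' 'urn:example:wsfed' @())
)
$sample | Find-RelyingPartyWithoutSamlLogout | Format-Table -AutoSize

# On an AD FS server, feed the real trusts instead of the sample:
#   Get-AdfsRelyingPartyTrust | Find-RelyingPartyWithoutSamlLogout
```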