Authentication Bypass in Windows Communication Foundation and Identity Foundation by Microsoft
CVE-2019-1006

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows; Windows Server; Microsoft Sharepoint Foundation; Microsoft .net Framework 4.5.2
Vendor: CVE Published:; 15 July 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An authentication bypass issue allows attackers to manipulate SAML tokens using arbitrary symmetric keys within Windows Communication Foundation and Windows Identity Foundation. This vulnerability poses significant security risks as it can give unauthorized access to sensitive resources, affecting the integrity of systems relying on the security of these frameworks.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-1006
Created by 521526

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 26, 2023
👾
Exploit known to exist
Mar 26, 2023
Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Nov 26, 2018