(MS13-066) Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)
Publish Date: 27 de sierpnia de 2013
Severity: : High
CVE Kennungen: : CVE-2013-3185
Advisory Date: 27 de sierpnia de 2013
DESCRIPTION
This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt logons from outside the corporate network, which would result in account lockout of the service account used by AD FS if an account lockout policy has been configured. This would result in denial of service for all applications relying on the AD FS instance.
SOLUTION
AFFECTED SOFTWARE AND VERSION:
- Active Directory Federation Services 2.1
- Active Directory Federation Services 2.0
- Active Directory Federation Services 1.x