CVE-2014-6331

MEDIUM

Description

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

References

http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx

http://www.securityfocus.com/bid/70938

http://www.securitytracker.com/id/1031195

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-077

Details

Source: MITRE

Published: 2014-11-11

Updated: 2018-10-12

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM