Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
BID:105378
CVE-2018-16794 |Info
Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
| Bugtraq ID: | 105378 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-16794 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 12 2018 12:00AM |
| Updated: | Sep 12 2018 12:00AM |
| Credit: | Alphan Yavas from Biznet Bilisim A.S. |
| Vulnerable: |
Microsoft Windows Server 2016 0 Microsoft Active Directory Federation Services 4.0 |
| Not Vulnerable: | |
Discussion
Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
Microsoft Active Directory Federation Services is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Microsoft ADFS 4.0 Windows Server 2016 and prior versions are vulnerable.
Microsoft Active Directory Federation Services is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Microsoft ADFS 4.0 Windows Server 2016 and prior versions are vulnerable.
Exploit / POC
Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft ADFS CVE-2018-16794 Server Side Request Forgery Security Bypass Vulnerability
References:
References:
- Disclose SSRF Vulnerability (Seclists.org)
- Microsoft Homepage (Microsoft)