ADFS Security Feature Bypass Vulnerability - CVE-2017-0159
ID: oval:org.secpod.oval:def:39776 | Date: (C)2017-04-12 (M)2024-03-06
Class: VULNERABILITY | Family: windows
A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully exploited this vulnerability could bypass the account lockout protection enforced on Extranet client requests. This update corrects the security feature's behavior by correcting how ADFS processes requests.
Platform:
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows 10