AD FS Security Feature Bypass Vulnerability - CVE-2018-8340ID: oval:org.secpod.oval:def:47140 | Date: (C)2018-08-15 (M)2022-11-24 |
Class: VULNERABILITY | Family: windows |
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. This security update corrects how AD FS handles multi-factor authentication requests.
Platform: |
Microsoft Windows Server |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |