The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly log off a user. Successful exploitation allows attacker to discover information to which an AD FS user has access.