ADFS Security Feature Bypass Vulnerability - CVE-2019-1126ID: oval:org.secpod.oval:def:57300 | Date: (C)2019-07-10 (M)2022-12-30 |
Class: VULNERABILITY | Family: windows |
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests.
Platform: |
Microsoft Windows Server |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |