Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SharePoint Improper Certificate Validation Vulnerability (CVE-2019-1006)

Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Remediation

References

Related Vulnerabilities

Sqlite Divide By Zero Vulnerability (CVE-2019-16168)

MySQL CVE-2016-8284 Vulnerability (CVE-2016-8284)

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3738)

Moodle Improper Authentication Vulnerability (CVE-2021-40693)

Severity

High

Classification

CVE-2019-1006 CWE-295 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities