Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Remediation

References

CVE-2019-1006

Related Vulnerabilities

WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)

WordPress Plugin Block wp-login Cross-Site Request Forgery (1.3.0)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720)

WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.2.1)

Java Unspesificed Vulnerability (CVE-2019-2786)

Severity

High

Classification

CVE-2019-1006 CWE-295 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities