PT-2018-1480 · Microsoft · Windows Server 2012 R2+4

Andrew Lee

Publicado

2018-08-14

Atualizado

2019-10-03

CVE-2018-8340

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Windows Server 2016 Windows Server 2012 R2 Windows 10 Servers

Description A security feature bypass issue exists due to improper handling of multi-factor authentication requests by Active Directory Federation Services (AD FS). This allows a remote attacker to bypass authentication procedures by sending specially crafted authentication requests.

Recommendations For Windows Server 2016, update the system to address the security feature bypass vulnerability. For Windows Server 2012 R2, update the system to address the security feature bypass vulnerability. For Windows 10 Servers, update the system to address the security feature bypass vulnerability.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-592

Identificadores relacionados

BDU:2018-01031

CVE-2018-8340

Produtos afetados

Active Directory Federation Services

Windows

Windows 10

Windows Server 2012 R2

Windows Server 2016

PT-2018-1480 · Microsoft · Windows Server 2012 R2+4

CVE-2018-8340

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9