CVE-2019-1006

Name of the Vulnerable Software and Affected Versions Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) (affected versions not specified)

Description An authentication bypass issue exists, allowing the signing of SAML tokens with arbitrary symmetric keys. This can enable an attacker to impersonate another user, potentially leading to elevation of privileges. The vulnerability is related to errors in the implementation of the authentication procedure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.