PT-2009-4915 · Microsoft · Windows Server 2008 +2

Published: 2009-12-09 · Updated: 2019-02-26 · CVE-2009-2508

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2008 Gold and SP2

Description
The single sign-on implementation in Active Directory Federation Services (ADFS) does not properly remove credentials at the end of a network session. This allows a physically proximate attacker to obtain the credentials of a previous user of the same web browser by using data from the browser's cache.

Recommendations
For Microsoft Windows Server 2003 SP2, update the system to remove the vulnerability. For Microsoft Windows Server 2008 Gold and SP2, update the system to remove the vulnerability. As a temporary workaround, consider clearing the browser's cache after each use to minimize the risk of exploitation.


Related Identifiers

CVE-2009-2508

Affected Products

Active Directory Federation Services
Windows Server 2003
Windows Server 2008