PT-2018-1480 · Microsoft · Windows Server 2012 R2+4

Andrew Lee · Published 2018-08-14 · Updated 2019-10-03 · CVE-2018-8340

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Windows Server 2016
Windows Server 2012 R2
Windows 10 Servers

Description

A security feature bypass issue exists due to improper handling of multi-factor authentication requests by Active Directory Federation Services (AD FS). This allows a remote attacker to bypass authentication procedures by sending specially crafted authentication requests.

Recommendations

For Windows Server 2016, update the system to address the security feature bypass vulnerability.
For Windows Server 2012 R2, update the system to address the security feature bypass vulnerability.
For Windows 10 Servers, update the system to address the security feature bypass vulnerability.

Fix


Weakness Enumeration

Related Identifiers

BDU:2018-01031
CVE-2018-8340

Affected Products

Active Directory Federation Services
Windows
Windows 10
Windows Server 2012 R2
Windows Server 2016