EUVD-2025-34371

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally...

Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally...

EUVD-2020-11948

Malware in sbrugna...

EUVD-2015-7860

Malware in sbrugna...

EUVD-2019-9838

Malware in sbrugna...

EUVD-2019-1710

Malware in sbrugna...

EUVD-2017-0410

Malware in sbrugna...

EUVD-2018-8594

Malware in sbrugna...

CVE-2020-1055

A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'...

CVE-2019-1273

A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'...

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...

ADFS Relying Party Trusts Disclosure

Microsoft Active Directory Federation Services ADFS is a very popular Single Sign On SSO feature offering identity federation to organizations. An ADFS server can be configured to show a login page to connect to corporate applications directly from this Identity Provider IdP. When enabled, this w...

The vulnerability of the Active Directory Federation Services (ADFS) for Windows operating systems allows a perpetrator to circumvent security restrictions.

The vulnerability of the Active Directory Federation Services AD FS for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...

Security feature bypass

Active Directory Federation Service Security Feature Bypass Vulnerability...

May 9, 2023—KB5026370 (OS Build 20348.1726)

May 9, 2023—KB5026370 OS Build 20348.1726 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when new...

Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

Our story begins with eight Microsoft Detection and Response Team DART analysts gathered around a customer’s conference room to solve a cybersecurity mystery. Joined by members of the customer’s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known ...

CVE-2022-30215

Active Directory Federation Services Elevation of Privilege Vulnerability...

Privilege escalation

Active Directory Federation Services Elevation of Privilege Vulnerability...

CVE-2022-30584

Archer Platform 6.3 before 6.11 6.11.0.0 contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 6.10.0.3 and 6.9 SP3 P4 6.9.3.4 are also fixed releases...

The vulnerability of the Active Directory Federation Services (AD FS) for Windows operating systems allows a perpetrator to circumvent security restrictions and enhance their privileges.

The vulnerability of the Active Directory Federation Services AD FS for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and increase their privileges...