2 matches found
CVE-2026-54784
CoreWCF CVE-2026-54784 affects CoreWCF 1.9.0 where SPNEGO SecurityContextToken proof key recovered from the RSTR can be observed when using TransportWithMessageCredential with Windows client credentials, enabling impersonation of the Windows principal and decryption/forgery of WS‑SecureConversati...
CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...