Lucene search
K

3 matches found

seebug.org
seebug.org
added 2009/12/12 12:0 a.m.54 views

Microsoft Windows ADFS服务单次登录功能认证欺骗漏洞(MS09-070)

BUGTRAQ ID: 37215 CVE ID: CVE-2009-2508 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的ADFS服务没有充分地验证会话管理,如果攻击者能够访问目标用户近期所使用的用于访问提供单次登录站点的工作站和Web浏览器,就可能允许攻击者扮演为通过认证的用户。 攻击者必须可以访问终端上之前用户所使用的认证令牌才可以利用这个漏洞。在启用了HTTPS服务器的情况下,认证令牌在传输中是受保护的,攻击者必须能够访问受害者的计算机(如自助终端机)才可以利用这个漏洞。在自助终端机上,用户可能登录到ADFS SSO...

6.9CVSS6.9AI score0.01262EPSS
Exploits1
CVE
CVE
added 2009/12/09 6:0 p.m.75 views

CVE-2009-2508

CVE-2009-2508 affects Microsoft Windows ADFS SSO: the single sign-on implementation does not properly discard credentials at end of a session, enabling physically proximate attackers to impersonate a previous user by reusing browser-cache data. Affected are Windows Server 2003 SP2 and Windows Ser...

6.9CVSS6.1AI score0.01262EPSS
Exploits1References3Affected Software2
OpenVAS
OpenVAS
added 2009/12/09 12:0 a.m.37 views

Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)

This host is missing a critical security update according to Microsoft Bulletin MS09-070. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9CVSS5AI score0.17053EPSS
Exploits2References3
Rows per page
Query Builder