Endpoint Vulnerability

ADFS Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully exploited this vulnerability could bypass the account lockout protection enforced on Extranet client requests.

Affected Products

Windows 10, Windows Server 2012, Windows Server 2016

References

CVE-2017-0159