Endpoint Vulnerability

ADFS Security Feature Bypass Vulnerability


A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully exploited this vulnerability could bypass the account lockout protection enforced on Extranet client requests.

Affected Products

Windows 10, Windows Server 2012, Windows Server 2016