Microsoft ADFS CVE-2017-0159 Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully exploited this vulnerability could bypass the account lockout protection enforced on Extranet client requests.
Affected Applications
Windows 10
Windows Server 2012
Windows Server 2016