CVE List

CVE-2019-1006

Critical 7.5

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Published July 15, 2019.

Affected software

Microsoft Windows 8.1

Microsoft Windows Rt 8.1

Microsoft Windows Server 2012

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Sharepoint Server

Microsoft Sharepoint Foundation

Microsoft .net Framework

Microsoft Windows 10

Microsoft Windows Server 2016

Microsoft Sharepoint Enterprise Server

Microsoft Windows Server 2019

Microsoft Identitymodel

Reference links

Sign Up for Alerts