Share:

CVE-2019-1006

Critical 7.5

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Published July 15, 2019.

Affected software

Microsoft Sharepoint Server

Microsoft Sharepoint Enterprise Server

Microsoft .net Framework

Microsoft Windows Server 2019

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows 7

Microsoft Windows 10

Microsoft Identitymodel

Microsoft Windows 8.1

Microsoft Windows Server 2016

Microsoft Windows Rt 8.1

Microsoft Sharepoint Foundation

Get alerts for Microsoft Sharepoint Server

Reference links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006