| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note CVE-2009-2508 CVE-2009-2509
Windows: two vulnerabilities of ADFS
Synthesis of the vulnerability
| An authenticated attacker can use two vulnerabilities of ADFS, in order to spoof the identity of a user, or to execute code. |
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2009.
|
Impacted products
Description of the vulnerability
The ADFS (Active Directory Federation Services) feature manages the SSO (Single Sign-On) authentication of users who access to several web services. ADFS can be enabled on the IIS web server, and is reachable with a web client implementing WS-* (SOAP, WSDL and UUDI). ADFS is impacted by two vulnerabilities.
An attacker, who gains access to the cache of victim's web browser, can read and then reuse ADFS data during 10 hours, even if the victim logged off the web site. The attacker can therefore access to a web service, under the identity of the victim. [severity:2/4; BID-37215, CVE-2009-2508, >]
A remote authenticated attacker can use an HTTP-ADFS query with a malicious header, in order to execute code on IIS. [severity:3/4; BID-37214, CVE-2009-2509, >] |
Characteristics
Title: Windows: two vulnerabilities of ADFS
Identifiers: 971726, BID-37214, BID-37215, CVE-2009-2508, CVE-2009-2509, MS09-070, VIGILANCE-VUL-9244.
Url: https://vigilance.fr/tree/1/9244
|
Information sources
Solutions for this vulnerability
Supplements
Vulnerability : Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508
An attacker, who gains access to the cache of victim's web browser, can read and then reuse ADFS data during 10 hours, even if the victim logged off the web site. The attacker can therefore access to a web service, under the identity of the victim.
Severity: 2/4.
Identifiers: BID-37215, CVE-2009-2508.
|
|
Vulnerability : Remote Code Execution in ADFS Vulnerability - CVE-2009-2509
A remote authenticated attacker can use an HTTP-ADFS query with a malicious header, in order to execute code on IIS.
Severity: 3/4.
Identifiers: BID-37214, CVE-2009-2509.
|
|
|