CVE-2019-1006
Published: Jul 15, 2019
Modified: Aug 4, 2024
Description
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
| Vendor | Product | Versions |
|---|---|---|
Microsoft | Windows | affected 7 for 32-bit Systems Service Pack 1affected 7 for x64-based Systems Service Pack 1affected 8.1 for 32-bit systemsaffected 8.1 for x64-based systemsaffected RT 8.1+15 more versions |
Microsoft | Windows Server | affected 2008 R2 for x64-based Systems Service Pack 1 (Core installation)affected 2008 R2 for Itanium-Based Systems Service Pack 1affected 2008 R2 for x64-based Systems Service Pack 1affected 2008 for 32-bit Systems Service Pack 2 (Core installation)affected 2012+12 more versions |
Microsoft | Microsoft SharePoint Foundation | affected 2010 Service Pack 2affected 2013 Service Pack 1 |
Microsoft | Microsoft .NET Framework 4.5.2 | affected Windows 7 for 32-bit Systems Service Pack 1affected Windows 7 for x64-based Systems Service Pack 1affected Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)affected Windows Server 2008 R2 for x64-based Systems Service Pack 1affected Windows Server 2012+8 more versions |
Microsoft | Microsoft .NET Framework 4.6 | affected Windows Server 2008 for 32-bit Systems Service Pack 2affected Windows Server 2008 for x64-based Systems Service Pack 2 |
Microsoft | Microsoft SharePoint Enterprise Server | affected 2016affected 2013 Service Pack 1 |
Microsoft | Microsoft .NET Framework 4.6/4.6.1/4.6.2 | affected Windows 10 for 32-bit Systemsaffected Windows 10 for x64-based Systems |
Microsoft | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | affected Windows 7 for 32-bit Systems Service Pack 1affected Windows 7 for x64-based Systems Service Pack 1affected Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)affected Windows Server 2008 R2 for x64-based Systems Service Pack 1affected Windows Server 2012+6 more versions |
Microsoft | Microsoft SharePoint Server | affected 2019 |
Microsoft | Windows 10 Version 1903 for 32-bit Systems | affected unspecified |
Microsoft | Windows 10 Version 1903 for x64-based Systems | affected unspecified |
Microsoft | Windows 10 Version 1903 for ARM64-based Systems | affected unspecified |
Microsoft | Windows Server, version 1903 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2012 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows RT 8.1 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2016 | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) | affected 1903 |
Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | affected unspecified |
Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | affected unspecified |
Microsoft | Microsoft.IdentityModel | affected 7.0.0 |
Microsoft | Microsoft .NET Framework 3.5 | affected Windows Server 2012affected Windows Server 2012 (Server Core installation)affected Windows 8.1 for 32-bit systemsaffected Windows 8.1 for x64-based systemsaffected Windows Server 2012 R2+14 more versions |
Microsoft | Microsoft .NET Framework 3.0 | affected Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2affected Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2affected Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 |
Microsoft | Microsoft .NET Framework 2.0 | affected Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2affected Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2affected Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 |
Microsoft | Microsoft .NET Framework 3.5.1 | affected Windows 7 for 32-bit Systems Service Pack 1affected Windows 7 for x64-based Systems Service Pack 1affected Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)affected Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1affected Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now