CVE Number: MS13-066
Vulnerability: Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)
Product: Active Directory
Severity: Important
Date: 14-08-2013

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt logons from outside the corporate network, which would result in account lockout of the service account used by AD FS if an account lockout policy has been configured. This would result in denial of service for all applications relying on the AD FS instance.
Detailed Information on the risk:

An information disclosure vulnerability exists in Active Directory Federation Services (AD FS) that could allow the unintentional disclosure of account information.


Further information on this vulnerability is available at: MS13-066

Affected Software

Active Directory Federation Services 2.1
Active Directory Federation Services 2.0
Active Directory Federation Services 1.x