Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2019-1006: WCF/WIF SAML Token Authentication Bypass Vulnerability

Severity: 5
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 07/09/2019
Created: 07/10/2019
Added: 07/09/2019
Modified: 09/11/2024

Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Solution(s)

  • microsoft-windows-windows_10-1507-kb4507458
  • microsoft-windows-windows_10-1607-kb4507460
  • microsoft-windows-windows_10-1703-kb4507450
  • microsoft-windows-windows_10-1709-kb4507455
  • microsoft-windows-windows_10-1803-kb4507435
  • microsoft-windows-windows_10-1809-kb4507469
  • microsoft-windows-windows_10-1903-kb4507453
  • microsoft-windows-windows_server_2012-kb4507464
  • microsoft-windows-windows_server_2012_r2-kb4507457
  • microsoft-windows-windows_server_2016-1607-kb4507460
  • microsoft-windows-windows_server_2019-1809-kb4507469
  • msft-kb4475510-b3780e7e-d0f3-43f1-a6fa-c6e274080160
  • msft-kb4475522-7049b380-3b85-4f6d-bf11-23830623cd15
  • msft-kb4475527-8aee6f42-5c6a-4740-8b34-b14e439f9130
  • msft-kb4506954-5ba394b0-3764-4f17-b499-2215a62d2046
  • msft-kb4506954-74282fe5-be00-4699-a195-522a3d0880fc
  • msft-kb4506954-d5fe53ee-ae04-4d95-9239-cc9ddbde9e0c
  • msft-kb4506955-3f67c8d9-57ba-498f-9654-a98e1220c042
  • msft-kb4506955-99dc0c5c-ee0a-4648-bd8f-8089e1546bce
  • msft-kb4506956-649798f9-0830-4fc4-a725-3370aa1fba37
  • msft-kb4506956-e33c558c-f884-4302-b560-9dbac91a42c5
  • msft-kb4506961-2bda529a-2127-4e97-8b0a-29044a4d6fe1
  • msft-kb4506961-6deb01c0-c76f-48d3-894a-53b1b4f83861
  • msft-kb4506961-6fad9459-9da8-4e99-97b2-43cd613d6d89
  • msft-kb4506962-45ee9b74-129e-418f-aeae-9bb511b3cc2b
  • msft-kb4506962-7d44f8c9-1363-4c3c-adc8-b025034c2ef3
  • msft-kb4506963-3d980137-34c7-499e-a59c-6d15d7ba853b
  • msft-kb4506963-4fc17f6a-c13f-488f-af8f-6613c83a6c6d
  • msft-kb4506963-7f4a8d18-ce57-4e25-b3f3-f3ca3efebfad
  • msft-kb4506963-fc1394a8-ae6a-4127-ad37-faf8ca5c68e5
  • msft-kb4506964-75e5697c-9359-4210-a3fe-8b39489cb26b
  • msft-kb4506964-e074f907-2a43-4449-9c88-d28ec406160b
  • msft-kb4506965-32db6850-8fd5-47b0-bc70-45b5fbff3b95
  • msft-kb4506965-b96ff331-0f87-4206-8363-25526f8a5ba6
  • msft-kb4506965-e5f0da31-10df-4861-96f4-ddc10afa19f4
  • msft-kb4506966-10005242-8f3d-4597-a1d5-07630719e1cf
  • msft-kb4506966-20e560cc-c834-4811-9318-7e90d6ce4fe7
  • msft-kb4506966-3d00926c-15f1-4b14-81d1-adbf15bcc8f8
  • msft-kb4506966-3eca07c8-4a4e-420b-b06f-02c2ff210030
  • msft-kb4506974-5fe0071f-3f51-4706-8084-b43a87190811
  • msft-kb4506974-ec2183b4-7fa4-4ecc-8842-551f0e63feb4
  • msft-kb4506974-ff30cddb-33a9-4286-8cbf-5d7b471e223d
  • msft-kb4506975-00a4bac2-68a7-434d-9f86-129822408fca
  • msft-kb4506975-4c9aedcd-bcdb-4320-afae-8f95f55ec894
  • msft-kb4506975-aeac28eb-c97a-408f-a3a5-f5b80bd1692f
  • msft-kb4506976-07143694-2011-4dde-aa25-cffe2dd918ce
  • msft-kb4506976-8b68cac4-b7a2-408d-97b5-1c709b747dc9
  • msft-kb4506976-cc94618d-f6d5-47e4-b3fb-41e244faec04
  • msft-kb4506977-5959cb99-51f3-446c-93c7-bf4a94597ee4
  • msft-kb4506977-818d2338-2d9d-445d-adfb-53b3d952a0fc
  • msft-kb4506986-20b5a5b1-2f4c-46de-ba1f-f54f01dd1b91
  • msft-kb4506986-50162762-0303-49c3-8d76-17db7dc0a7db
  • msft-kb4506986-9354ae54-a1ec-47ed-abd4-11139a2e1e64
  • msft-kb4506987-18fcaf82-2eb0-467b-a553-3ba257738e88
  • msft-kb4506987-909b5569-9813-4254-a312-692b75cb8e3b
  • msft-kb4506988-141ed6e3-dff1-46ad-8638-a305aa827266
  • msft-kb4506988-c18d1240-9763-4c0a-bbb6-ebf24cf9bb11
  • msft-kb4506989-0f471f14-b623-488f-8ad0-0be32455f903
  • msft-kb4506989-4bdd2fff-ff12-44e6-94b8-5cf98e858af0
  • msft-kb4506989-690bab49-9b5d-4e50-9be8-74a84814e33a
  • msft-kb4506990-02d6d27a-1f9b-4247-8686-421d7d3dacc1
  • msft-kb4506990-1020ad12-debf-4de3-ac31-3462f7cc588a
  • msft-kb4506990-2d54721c-2292-406d-84d8-7416dd5fd21d
  • msft-kb4506991-60f479fb-479b-4529-8cf1-ad7f36811704
  • msft-kb4506991-a031e549-d93b-419b-8cdb-422ca5ab04e1
  • msft-kb4506991-e0ff3d94-1fe2-4cfc-a672-c845666dc559
  • msft-kb4506998-1f8bc980-998e-4303-b698-0c9b622cbd4d
  • msft-kb4506998-3af2e76f-3aff-4789-b4eb-382c4d4b28f8
  • msft-kb4506998-bfd77103-101b-4146-8f01-38fdb3145e37
  • msft-kb4507435-3adf123b-b79a-4c3b-8ca8-12d1ae6dd2fd
  • msft-kb4507435-7b795c0d-b4d5-49ed-94be-687e9c81fea8
  • msft-kb4507450-7ab77e94-f8ab-419f-974f-506fdfefead9
  • msft-kb4507450-9e6233c8-7cce-4449-a4a4-73f02aa89c3d
  • msft-kb4507453-2e93d988-166a-4edf-811b-6bef2091599d
  • msft-kb4507453-8cedcb21-0200-433d-b32d-2d5ef741adec
  • msft-kb4507453-cf588052-676f-4530-8369-43c798c0c9e0
  • msft-kb4507455-b5c00614-8763-4439-9172-99e0d79b654c
  • msft-kb4507455-f708139b-3f47-4084-91aa-64c7b43f9c1b
  • msft-kb4507456-256714d3-2030-469c-8c6a-f30ff5ea5a10
  • msft-kb4507456-5c94bfe0-3546-493d-8de2-61342cbf5b96
  • msft-kb4507456-7cdee6a8-6f30-423e-b02c-3453e14e3a6e
  • msft-kb4507456-8ef94183-d630-48d8-8a60-d1a66f5bf53d
  • msft-kb4507456-a1f24376-4aff-404e-bb04-f6d00686d6dc
  • msft-kb4507456-df8085cf-9e2a-463b-92f3-e8c2dd920fe0
  • msft-kb4507457-3848287d-d32e-4e7b-b6a1-798ba1329599
  • msft-kb4507457-d8ac2164-d4d1-442d-adfa-0b5a886bd8c0
  • msft-kb4507458-138c1b7d-e52b-426f-9880-faed31e298dd
  • msft-kb4507458-6cc21b8f-e92c-4406-872c-c5964a38af75
  • msft-kb4507460-a528e8a9-d68e-4d64-91dd-65db127836ec
  • msft-kb4507460-a9da78d9-858d-4639-b819-1723d2051c39
  • msft-kb4507461-585d930e-fe25-4ca6-ad2f-8ec034309c40
  • msft-kb4507461-6e49345e-8807-48dd-be6d-fb5433bcddcd
  • msft-kb4507461-f8662637-4580-4357-90a2-1e71f6c51021
  • msft-kb4507464-53bbafce-c9f3-4c30-aeff-c2ffb48b3773
  • msft-kb4507464-a4fb9a27-eaf9-4ace-8ae1-31cd7b5621d7
  • msft-kb4507469-7d86f1ff-3201-412f-b6f3-fa4aac792617
  • msft-kb4507469-f95e51b9-03a6-4d85-aae7-86e48b69c96a
