Vigil@nce - Windows: information disclosure via AD Federation Services
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the AD Federation Services, in order to obtain
sensitive information, leading to a denial of service.
Impacted products: Windows 2003, Windows 2008, Microsoft Windows
2012
Severity: 2/4
Creation date: 13/08/2013
DESCRIPTION OF THE VULNERABILITY
The AD FS (Active Directory Federation Services) service is used
to share information between entities (federations).
However, an attacker can obtain the account name used by AD FS.
Technical details are unknown.
He can then try to log in, in order to lock the account.
An attacker can therefore use the AD Federation Services, in order
to obtain sensitive information, leading to a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-information-disclosure-via-AD-Federation-Services-13279