Vigil@nce - Windows: information disclosure via AD FS
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read AD FS data on Windows to obtain sensitive
information.
Impacted products: Microsoft Windows 2012
Severity: 2/4
Creation date: 14/04/2015
DESCRIPTION OF THE VULNERABILITY
The AD FS (Active Directory Federation Services) service is used
to share information between entities (federations).
Users rely on the Logoff feature to disconnect from the system.
However, due to a Logoff failure, the last user remains
authenticated.
An attacker can therefore read AD FS data on Windows to obtain
sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-information-disclosure-via-AD-FS-16603