Active Directory Federation Services Logoff Bypass Vulnerability

Active Directory Federation Services Logoff Bypass Vulnerability

CVE-2015-1638 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Learn more about our Cis Benchmark Audit For Server Software.