CVE-2009-2508 - Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 5 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS09-070 |
bulletin_url | |
date | 2009-12-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 971726 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS09-070.NASL |
description | The version of Microsoft Active Directory Federation Services (ADFS) installed on the remote host is affected by the following vulnerabilities : - Insufficient session management validation in the single sign-on functionality of ADFS could allow a remote, authenticated user to spoof the identity of another user. (CVE-2009-2508) - Incorrect validation of request headers when a remote, authenticated user connects to an ADFS-enabled web server could be leveraged to perform actions on the affected IIS server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges. (CVE-2009-2509) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43062 |
published | 2009-12-08 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/43062 |
title | MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) |
Oval
accepted | 2014-03-03T04:01:11.395-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:5882 |
status | accepted |
submitted | 2009-12-08T13:00:00 |
title | Single Sign On Spoofing in ADFS Vulnerability |
version | 41 |
Seebug
bulletinFamily | exploit |
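description | BUGTRAQ ID: 37215 CVE ID: CVE-2009-2508 Microsoft Windows is a very popular operating system released by Microsoft. The ADFS service in Windows does not sufficiently validate session management. If an attacker can access the workstation and web browser that the target user recently used to access a site offering single sign-on, this could allow the attacker to impersonate the authenticated user. To exploit this vulnerability, the attacker must be able to access the authentication token used by the previous user on the terminal. When the server has HTTPS enabled, the authentication token is protected in transit, and the attacker must be able to access the victim's computer (such as a kiosk) to exploit this vulnerability. On a kiosk, a user may log in to an ADFS SSO web application and then log out of the application. An attacker can then use that computer to access the web application as the previous user, even though that user has logged out. Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS09-070) and corresponding patches for this issue: MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) Link: http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx?pf=true |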
id | SSV:15046 |
last seen | 2017-11-19 |
modified | 2009-12-12 |
published | 2009-12-12 |
reporter | Root |
title | Microsoft Windows ADFS Service Single Sign-On Authentication Spoofing Vulnerability (MS09-070) |