CVE-2009-2508 - Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

CVSS 6.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
local
microsoft
CWE-255
nessus

Summary

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."

Vulnerable Configurations

Part  Description  Count
OS    Microsoft    5

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS09-070
bulletin_url:
date: 2009-12-08T00:00:00
impact: Remote Code Execution
knowledgebase_id: 971726
knowledgebase_url:
severity: Important
title: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS09-070.NASL
description: The version of Microsoft Active Directory Federation Services (ADFS) installed on the remote host is affected by the following vulnerabilities:
  - Insufficient session management validation in the single sign-on functionality of ADFS could allow a remote, authenticated user to spoof the identity of another user. (CVE-2009-2508)
  - Incorrect validation of request headers when a remote, authenticated user connects to an ADFS-enabled web server could be leveraged to perform actions on the affected IIS server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges. (CVE-2009-2509)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43062
published: 2009-12-08
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/43062
title: MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Oval

accepted: 2014-03-03T04:01:11.395-05:00
class: vulnerability
contributors:
  • name: Dragos Prisaca
    organization: Gideon Technologies, Inc.
  • name: Dragos Prisaca
    organization: Symantec Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
  • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
    oval: oval:org.mitre.oval:def:2161
  • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
    oval: oval:org.mitre.oval:def:1935
  • comment: Microsoft Windows Server 2008 (32-bit) is installed
    oval: oval:org.mitre.oval:def:4870
  • comment: Microsoft Windows Server 2008 (64-bit) is installed
    oval: oval:org.mitre.oval:def:5356
  • comment: Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:5653
  • comment: Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:6216
description: The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
family: windows
id: oval:org.mitre.oval:def:5882
status: accepted
submitted: 2009-12-08T13:00:00
title: Single Sign On Spoofing in ADFS Vulnerability
version: 41

Seebug

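bulletinFamily: exploit
description:
  BUGTRAQ ID: 37215
  CVE ID: CVE-2009-2508

  Microsoft Windows is a very popular operating system released by Microsoft.

  The ADFS service in Windows does not adequately validate session management. If an attacker can access the workstation and web browser that a target user recently used to access a site offering single sign-on, this could allow the attacker to impersonate the authenticated user.

  To exploit this vulnerability, the attacker must be able to access the authentication token used by the previous user on the terminal. When the server has HTTPS enabled, the authentication token is protected in transit, and the attacker must be able to access the victim's computer (such as a kiosk) to exploit this vulnerability. On a kiosk, a user may log on to an ADFS SSO web application and then log off from the application. An attacker can then use that computer to access the web application as the previous user, even though that user has logged off.

  Affected systems:
  Microsoft Windows Server 2008 SP2
  Microsoft Windows Server 2008
  Microsoft Windows Server 2003 SP2

  Vendor patch:
  Microsoft
  ---------
  Microsoft has released a security bulletin (MS09-070) and corresponding patches for this issue:
  MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
  Link: http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx?pf=true
id: SSV:15046
last seen: 2017-11-19
modified: 2009-12-12
published: 2009-12-12
reporter: Root
title: Microsoft Windows ADFS Service Single Sign-On Authentication Spoofing Vulnerability (MS09-070)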