ID CVE-2009-2508
Summary The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Windows Server 2008 Service Pack 2 for 32-bit systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x32
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
CVSS
Base: 6.9 (as of 10-12-2009 - 09:05)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS09-070
bulletin_url
date 2009-12-08T00:00:00
impact Remote Code Execution
knowledgebase_id 971726
knowledgebase_url
severity Important
title Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS09-070.NASL
description The version of Microsoft Active Directory Federation Services (ADFS) installed on the remote host is affected by the following vulnerabilities : - Insufficient session management validation in the single sign-on functionality of ADFS could allow a remote, authenticated user to spoof the identity of another user. (CVE-2009-2508) - Incorrect validation of request headers when a remote, authenticated user connects to an ADFS-enabled web server could be leveraged to perform actions on the affected IIS server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges. (CVE-2009-2509)
last seen 2019-02-21
modified 2018-11-15
plugin id 43062
published 2009-12-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=43062
title MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
oval via4
accepted 2014-03-03T04:01:11.395-05:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
description The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
family windows
id oval:org.mitre.oval:def:5882
status accepted
submitted 2009-12-08T13:00:00
title Single Sign On Spoofing in ADFS Vulnerability
version 37
refmap via4
cert TA09-342A
ms MS09-070
Last major update 21-08-2010 - 01:33
Published 09-12-2009 - 13:30
Last modified 26-02-2019 - 09:04
Back to Top