CVE-2013-3185

2013-08-1411:10:36

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-3185

ad fs

information disclosure

vulnerability

microsoft

active directory federation services

windows server

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka “AD FS Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoftactive_directory_federation_servicesMatch2.0

microsoftactive_directory_federation_servicesMatch2.1

AND

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2012Match-

CPENameOperatorVersion
microsoft:active_directory_federation_servicesmicrosoft active directory federation serviceseq2.0
microsoft:active_directory_federation_servicesmicrosoft active directory federation serviceseq2.1

CPE	Name	Operator	Version
microsoft:active_directory_federation_services	microsoft active directory federation services	eq	2.0
microsoft:active_directory_federation_services	microsoft active directory federation services	eq	2.1