An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka âWCF/WIF SAML Token Authentication Bypass Vulnerabilityâ.