Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1006: WCF/WIF SAML Token Authentication Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2019-1006: WCF/WIF SAML Token Authentication Bypass Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

07/09/2019

Created

07/10/2019

Added

07/09/2019

Modified

02/27/2023

Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges. The vulnerability exists in WCF, WIF 3.5 and above in .NET Framework, WIF 1.0 component in Windows, WIF Nuget package, and WIF implementation in SharePoint. An unauthenticated attacker can exploit this by signing a SAML token with any arbitrary symmetric key. This security update addresses the issue by ensuring all versions of WCF and WIF validate the key used to sign SAML tokens correctly.

Solution(s)

msft-kb4475510-b3780e7e-d0f3-43f1-a6fa-c6e274080160
msft-kb4475522-7049b380-3b85-4f6d-bf11-23830623cd15
msft-kb4475527-8aee6f42-5c6a-4740-8b34-b14e439f9130
msft-kb4506954-5ba394b0-3764-4f17-b499-2215a62d2046
msft-kb4506954-74282fe5-be00-4699-a195-522a3d0880fc
msft-kb4506954-d5fe53ee-ae04-4d95-9239-cc9ddbde9e0c
msft-kb4506955-3f67c8d9-57ba-498f-9654-a98e1220c042
msft-kb4506955-99dc0c5c-ee0a-4648-bd8f-8089e1546bce
msft-kb4506956-649798f9-0830-4fc4-a725-3370aa1fba37
msft-kb4506956-e33c558c-f884-4302-b560-9dbac91a42c5
msft-kb4506961-2bda529a-2127-4e97-8b0a-29044a4d6fe1
msft-kb4506961-6deb01c0-c76f-48d3-894a-53b1b4f83861
msft-kb4506961-6fad9459-9da8-4e99-97b2-43cd613d6d89
msft-kb4506962-45ee9b74-129e-418f-aeae-9bb511b3cc2b
msft-kb4506962-7d44f8c9-1363-4c3c-adc8-b025034c2ef3
msft-kb4506963-3d980137-34c7-499e-a59c-6d15d7ba853b
msft-kb4506963-4fc17f6a-c13f-488f-af8f-6613c83a6c6d
msft-kb4506963-7f4a8d18-ce57-4e25-b3f3-f3ca3efebfad
msft-kb4506963-fc1394a8-ae6a-4127-ad37-faf8ca5c68e5
msft-kb4506964-75e5697c-9359-4210-a3fe-8b39489cb26b
msft-kb4506964-e074f907-2a43-4449-9c88-d28ec406160b
msft-kb4506965-32db6850-8fd5-47b0-bc70-45b5fbff3b95
msft-kb4506965-b96ff331-0f87-4206-8363-25526f8a5ba6
msft-kb4506965-e5f0da31-10df-4861-96f4-ddc10afa19f4
msft-kb4506966-10005242-8f3d-4597-a1d5-07630719e1cf
msft-kb4506966-20e560cc-c834-4811-9318-7e90d6ce4fe7
msft-kb4506966-3d00926c-15f1-4b14-81d1-adbf15bcc8f8
msft-kb4506966-3eca07c8-4a4e-420b-b06f-02c2ff210030
msft-kb4506974-5fe0071f-3f51-4706-8084-b43a87190811
msft-kb4506974-ec2183b4-7fa4-4ecc-8842-551f0e63feb4
msft-kb4506974-ff30cddb-33a9-4286-8cbf-5d7b471e223d
msft-kb4506975-00a4bac2-68a7-434d-9f86-129822408fca
msft-kb4506975-4c9aedcd-bcdb-4320-afae-8f95f55ec894
msft-kb4506975-aeac28eb-c97a-408f-a3a5-f5b80bd1692f
msft-kb4506976-07143694-2011-4dde-aa25-cffe2dd918ce
msft-kb4506976-8b68cac4-b7a2-408d-97b5-1c709b747dc9
msft-kb4506976-cc94618d-f6d5-47e4-b3fb-41e244faec04
msft-kb4506977-5959cb99-51f3-446c-93c7-bf4a94597ee4
msft-kb4506977-818d2338-2d9d-445d-adfb-53b3d952a0fc
msft-kb4506986-20b5a5b1-2f4c-46de-ba1f-f54f01dd1b91
msft-kb4506986-50162762-0303-49c3-8d76-17db7dc0a7db
msft-kb4506986-9354ae54-a1ec-47ed-abd4-11139a2e1e64
msft-kb4506987-18fcaf82-2eb0-467b-a553-3ba257738e88
msft-kb4506987-909b5569-9813-4254-a312-692b75cb8e3b
msft-kb4506988-141ed6e3-dff1-46ad-8638-a305aa827266
msft-kb4506988-c18d1240-9763-4c0a-bbb6-ebf24cf9bb11
msft-kb4506989-0f471f14-b623-488f-8ad0-0be32455f903
msft-kb4506989-4bdd2fff-ff12-44e6-94b8-5cf98e858af0
msft-kb4506989-690bab49-9b5d-4e50-9be8-74a84814e33a
msft-kb4506990-02d6d27a-1f9b-4247-8686-421d7d3dacc1
msft-kb4506990-1020ad12-debf-4de3-ac31-3462f7cc588a
msft-kb4506990-2d54721c-2292-406d-84d8-7416dd5fd21d
msft-kb4506991-60f479fb-479b-4529-8cf1-ad7f36811704
msft-kb4506991-a031e549-d93b-419b-8cdb-422ca5ab04e1
msft-kb4506991-e0ff3d94-1fe2-4cfc-a672-c845666dc559
msft-kb4506998-1f8bc980-998e-4303-b698-0c9b622cbd4d
msft-kb4506998-3af2e76f-3aff-4789-b4eb-382c4d4b28f8
msft-kb4506998-bfd77103-101b-4146-8f01-38fdb3145e37
msft-kb4507435-3adf123b-b79a-4c3b-8ca8-12d1ae6dd2fd
msft-kb4507435-3c7e1698-7296-4ec8-90b1-8607410972c7
msft-kb4507435-7b795c0d-b4d5-49ed-94be-687e9c81fea8
msft-kb4507450-7ab77e94-f8ab-419f-974f-506fdfefead9
msft-kb4507450-9e6233c8-7cce-4449-a4a4-73f02aa89c3d
msft-kb4507453-2e93d988-166a-4edf-811b-6bef2091599d
msft-kb4507453-8cedcb21-0200-433d-b32d-2d5ef741adec
msft-kb4507453-cf588052-676f-4530-8369-43c798c0c9e0
msft-kb4507455-b5c00614-8763-4439-9172-99e0d79b654c
msft-kb4507455-f708139b-3f47-4084-91aa-64c7b43f9c1b
msft-kb4507456-256714d3-2030-469c-8c6a-f30ff5ea5a10
msft-kb4507456-5c94bfe0-3546-493d-8de2-61342cbf5b96
msft-kb4507456-7cdee6a8-6f30-423e-b02c-3453e14e3a6e
msft-kb4507456-8ef94183-d630-48d8-8a60-d1a66f5bf53d
msft-kb4507456-a1f24376-4aff-404e-bb04-f6d00686d6dc
msft-kb4507456-df8085cf-9e2a-463b-92f3-e8c2dd920fe0
msft-kb4507457-3848287d-d32e-4e7b-b6a1-798ba1329599
msft-kb4507457-66318eca-fd0b-4e3e-b0f6-b0992e0f5d7c
msft-kb4507457-d8ac2164-d4d1-442d-adfa-0b5a886bd8c0
msft-kb4507458-138c1b7d-e52b-426f-9880-faed31e298dd
msft-kb4507458-6cc21b8f-e92c-4406-872c-c5964a38af75
msft-kb4507460-4b7e8790-e16d-4c77-b790-c08045983154
msft-kb4507460-a528e8a9-d68e-4d64-91dd-65db127836ec
msft-kb4507460-a9da78d9-858d-4639-b819-1723d2051c39
msft-kb4507461-585d930e-fe25-4ca6-ad2f-8ec034309c40
msft-kb4507461-6e49345e-8807-48dd-be6d-fb5433bcddcd
msft-kb4507461-f8662637-4580-4357-90a2-1e71f6c51021
msft-kb4507464-53bbafce-c9f3-4c30-aeff-c2ffb48b3773
msft-kb4507464-7ff2664d-6c32-4479-ba6d-3f8822f8128d
msft-kb4507464-a4fb9a27-eaf9-4ace-8ae1-31cd7b5621d7
msft-kb4507469-0784bfeb-5c3f-413c-8a87-494c8cca5348
msft-kb4507469-7d86f1ff-3201-412f-b6f3-fa4aac792617
msft-kb4507469-f95e51b9-03a6-4d85-aae7-86e48b69c96a

References

https://attackerkb.com/topics/cve-2019-1006
CVE - 2019-1006
4475510
4475520
4475522
4475527
4475529
4506954
4506955
4506956
4506961
4506962
4506963
4506964
4506965
4506966
4506974
4506975
4506976
4506977
4506986
4506987
4506988
4506989
4506990
4506991
4506992
4506993
4506994
4506995
4506996
4506997
4506998
4506999
4507000
4507001
4507002
4507003
4507004
4507005
4507411
4507412
4507413
4507414
4507419
4507420
4507421
4507422
4507423
4507435
4507448
4507449
4507450
4507452
4507453
4507455
4507456
4507457
4507458
4507460
4507461
4507462
4507464
4507469

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1006: WCF/WIF SAML Token Authentication Bypass Vulnerability

Microsoft CVE-2019-1006: WCF/WIF SAML Token Authentication Bypass Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.