CVE Vulnerabilities

CVE-2009-2508

Published: Dec 09, 2009 | Modified: Feb 26, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browsers cache, aka Single Sign On Spoofing in ADFS Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2003 Microsoft * *

References