CVE-2020-0837

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2020
Last modified:
31/12/2023

Description

An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.<br /> To exploit this vulnerability, an attacker could send a specially crafted authentication request.<br /> This security update corrects how ADFS handles multi-factor authentication requests.<br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*