CVE-2019-1126: Improper Restriction of Excessive Authentication Attempts in Windows Server 2019

Severity: 6.3 MEDIUM (NVD: 5.3)
EPSS: 2.0% (top 16.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 15; Latest update May 24

Description

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests, aka 'ADFS Security Feature Bypass Vulnerability'. This

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 7 packages

Patches

Vulnerability Details (2)

GHSA GHSA-xppj-j5qj-xhcx: A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses (2022-05-24)
GHSA GHSA-7f55-8m7r-49x9: A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet loc… (2022-05-24)

Vendor Advisories (1)

Microsoft: ADFS Security Feature Bypass Vulnerability (2019-07-09)
CVE-2019-1126 — Msrc Windows Server 2019 vulnerability | cvebase