[rwth-security] Targeting AD FS With External Brute-Force Attacks

11 Jul 2019


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Targeting AD FS With External Brute-Force Attacks"
"On July 2019 Patch Tuesday, Microsoft released a 
     patch for CVE-2019-1126, an important vulnerability ...
     While Microsoft only released one patch, we believe 
     there are two vulnerabilities that allow attackers to 
     remotely launch brute-force attacks on AD FS servers 
     from the outside of the network. Attackers can bypass 
     the Extranet Lockout Protection security feature and 
     also bypass the Microsoft AD lockout policy(!) in 
     certain scenarios ..."
VG
Bernd
[0]
https://blog.preempt.com/security-advisory-targeting-ad-fs-with-external-bru...
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de

2024

2023

2022

2021

2020

2019

2018

[rwth-security] Targeting AD FS With External Brute-Force Attacks