Home

Latest SAML Vulnerability : Not present in Azure AD and ADFS

Highlighted
Community Manager

Recently a security vulnerability was discovered in a number of SAML SSO implementations which makes it possible for a signed SAML token to be manipulated to impersonate another user or to change the scope of a user’s authorization in some circumstances. The vulnerability is described in the finder’s blog, here. Many of you have been asking whether this affects Microsoft identity servers and services.

 

We can confirm that Microsoft Azure Active Directory, Azure Active Directory B2C and Microsoft Windows Server Active Directory Federation Services (ADFS) are NOT affected by this vulnerability. The Microsoft account system is also NOTaffected. Additionally, we can confirm that neither the Windows Identity Foundation (WIF) nor the ASP.NET WS-Federation middleware have this vulnerability.

 

Read more about it in the Enterprise Mobility + Security blog.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies