CVE-2019-1006

HIGH

Microsoft .net Framework - Improper Certificate Validation

Title source: rule

Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Exploits (1)

nomisec SCANNER 1 stars

by 521526 · poc

https://github.com/521526/CVE-2019-1006

View Code ZIP pw:eip

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006

Scores

CVSS v3 7.5

EPSS 0.0269

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-295

Status published

Products (36)

microsoft/.net_framework 2.0 sp2

microsoft/.net_framework 3.0 sp2

microsoft/.net_framework 3.5

microsoft/.net_framework 4.7.2

microsoft/.net_framework 4.8

microsoft/.net_framework 3.5.1

microsoft/.net_framework 4.5.2

microsoft/.net_framework 4.6

microsoft/.net_framework 4.6.1

microsoft/.net_framework 4.6.2

... and 26 more

Published Jul 15, 2019

Tracked Since Feb 18, 2026