CVE-2019-1006

HIGH

.NET Framework - Authentication Bypass via SAML Token Arbitrary Symmetric Key Signing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1006. PoCs published by 521526.

AI-analyzed exploit summary: This repository contains a Python script that checks for the presence of CVE-2019-1006 by verifying the version of the MsRdpClientShell.ActiveX control on an RDG Gateway server. It does not exploit the vulnerability but scans for it by analyzing the server's response.

Description

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Exploits (1)

nomisec SCANNER 1 stars
by 521526 · poc
https://github.com/521526/CVE-2019-1006

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: RDG Gateway server with MsRdpClientShell.ActiveX control
Authentication: No auth needed
Prerequisites: Network access to the target RDG Gateway server
mistral-large-3 · analyzed Feb 18, 2026

Scores

CVSS v3 7.5
EPSS 0.0602
EPSS Percentile 92.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-295
Status published
Products (36)
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 3.0 sp2
microsoft/.net_framework 3.5
microsoft/.net_framework 4.7.2
microsoft/.net_framework 4.8
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 4.6
microsoft/.net_framework 4.6.1
microsoft/.net_framework 4.6.2
... and 26 more
Published Jul 15, 2019
Tracked Since Feb 18, 2026