By the Year
In 2020 there have been 0 vulnerabilities in Microsoft Identitymodel . Last year Identitymodel had 1 security vulnerability published. Right now, Identitymodel is on track to have less security vulerabilities in 2020 than it did last year.
It may take a day or so for new Identitymodel vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Microsoft Identitymodel Security Vulnerabilities
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF)
7.5 - High
- July 15, 2019
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
CVE-2019-1006 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Improper Certificate Validation