Identitymodel Microsoft Identitymodel

stack.watch can notify you when security vulnerabilities are reported in Microsoft Identitymodel. You can add multiple products that you use with Identitymodel to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Microsoft Identitymodel . Last year Identitymodel had 1 security vulnerability published. Right now, Identitymodel is on track to have less security vulerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Identitymodel vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Identitymodel Security Vulnerabilities

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF)

CVE-2019-1006 7.5 - High - July 15, 2019

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

CVE-2019-1006 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Certificate Validation