Microsoft ADFS Vulnerability Lets Attackers Bypass ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

tdsan,
User Rank: Ninja
8/16/2018 | 2:22:39 PM

Very good article

I enjoyed reading the post, it seems that ADFS has some issues but it if someone with the right influence, money, and power wanted to make a go at getting a person's credentials, they could.

So this goes beyond the ADFS Vulnerability, this says as humans we are ultimately flawed, where if pushed hard enough with the right level of influence, anyone could be susceptible to being compromised.

So to be honest, all of this security talk is nothing more than a facade, so basically, anyone can be compromised. So then the answer to our security concerns is not the technology, it is the people.

T

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

For Cybersecurity to Be Proactive, Terrains Must Be Mapped

Craig Harber, Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019

A Realistic Threat Model for the Masses

Lysa Myers, Security Researcher, ESET, 10/9/2019

USB Drive Security Still Lags

Dark Reading Staff 10/9/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

White Papers

IDC Workbook: Cloud Security Roadmap

7 Experts Discuss Evaluating MSSPs

How to Combat Spear Phishing

How to Stop Floods of Malicious Calls

Threat Intelligence Platforms: Everything You Want to Know, But Didn't Know to Ask

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: We hired him because his resume said he had expert level Puppet skills. We're waiting for lunch so he can show off his Chef skills before HR ...

Cartoon Archive

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-17537
PUBLISHED: 2019-10-13

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.

CVE-2019-17538
PUBLISHED: 2019-10-13

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.

CVE-2019-17535
PUBLISHED: 2019-10-13

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.

CVE-2019-17536
PUBLISHED: 2019-10-13

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

CVE-2019-17533
PUBLISHED: 2019-10-13

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

Terms of Service
Privacy Statement
Legal Entities