0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability
[[+] Credits: Joshua Platz aka Binary1985
[+] CVE ID: Requested
[+] Website: https://github.com/binary1985
[+] Source:
https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ADFS-Timing-Attack
Vendor:
==========================
http://www.microsoft.com
Product:
===========
Active Directory Federated Services (ADFS)
Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating
systems to provide users with single sign-on access to systems and applications located across organizational boundaries.
Vulnerability Type:
==========================
Time Based User Enumeration
Vulnerability Details:
=====================
ADFS has an excessively long timeout on authentication requests using the correct domain, but invalid user. This is likely
due to the time it takes to search the entire AD directory and return a response. Response times vary with use cases seeing
valid accounts taking only .2 seconds, up to 3 seconds to return an invalid login. However invalid accounts have been seen
to take 15 seconds to respond.
1) Observe the ADFS URL https://adfs.exampledomain.com/adfs/ls/IdpInitiatedSignOn.aspx?
2) Observe the length of time for an invalid account to return on login attempt (ex 15 seconds) *you must use the valid
domain*
3) Observe the length of time for a valid account to return on login attempt (ex 2 seconds) *try domain\administrator or
domain\guest*
4) Intercept a request using anything as a valid username and password. Extract the cookie.
5) Add the cookie value to this PoC https://gist.github.com/binary1985/d778ef59c01fe82026ee2c9660904e3a on line 15.
6) Update the timings within the script to match your tests in step 2 and 3, the goal is to set the command timeout on
line 15 to something slightly greater then the timeout observed in step 3, and then update the logic on line 17
to something reasonable. Remember invalid accounts take a long time, valid accounts are quick
7) Execute the script, providing the ADFS URL as well as the domain and a user list.
Example: https://drive.google.com/open?id=0B5Pt6tipK7-9cnVkYi1qOFhxbEVFUVJCWjBHcHJZX0QxX3d3
# 0day.today [2024-11-04] #