Headline

CVE-2023-35348

Active Directory Federation Service Security Feature Bypass Vulnerability

1 year ago

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.

1 year ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #microsoft #js #Azure Active Directory #Security Vulnerability