Headline
CVE-2023-35348: Active Directory Federation Service Security Feature Bypass Vulnerability
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker would require access to a low privileged session on the user’s device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim’s device.