CVE-2019-1006: Improper Certificate Validation

July 15, 2019 (updated August 24, 2020)

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka ‘WCF/WIF SAML Token Authentication Bypass Vulnerability’.

References

nvd.nist.gov/vuln/detail/CVE-2019-1006
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006

Code Behaviors & Features

Detect and mitigate CVE-2019-1006 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →