Is CVE-2019-1006 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Microsoft.identitymodel

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vul…

EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Microsoft.identitymodel — versions 7.0.0
Microsoft .Net Framework 2.0 — versions Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .Net Framework 3.0 — versions Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .Net Framework 3.5 — versions Windows Server 2012, Windows Server 2012 (Server Core installation), Windows 8.1 for 32-bit systems
Microsoft .Net Framework 3.5.1 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .Net Framework 3.5 And 4.7.2 On Windows 10 Version 1809 For 32-bit Systems — versions unspecified
Microsoft .Net Framework 3.5 And 4.7.2 On Windows 10 Version 1809 For X64-based Systems — versions unspecified
Microsoft .Net Framework 3.5 And 4.7.2 On Windows Server 2019 — versions unspecified
Microsoft .Net Framework 3.5 And 4.7.2 On Windows Server 2019 (Server Core Installation) — versions unspecified
Microsoft .Net Framework 3.5 And 4.8 On Windows 10 Version 1809 For 32-bit Systems — versions unspecified

Public proof-of-concept exploits

521526/CVE-2019-1006

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1006?: CVE-2019-1006 is a vulnerability in Microsoft Microsoft.identitymodel. Published 2019-07-15.
Is CVE-2019-1006 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.