none
Information Exposure Through Timing Discrepancy with ADFS 2012 R2 RRS feed

  • Question

  • Hi

    Our security team found a vulnerability CWE 208 "Information Exposure Through Timing Discrepancy"  with ADFS 2012 R2 (Ref: - "https://cwe.mitre.org/data/definitions/208.html & https://cwe.mitre.org/data/definitions/200.html"). They are asking to upgrade the version to 2016. 

    We are looking for an alternate solution like install a hotfix / a patch other than upgrading the OS version. Please suggest

    Thanks in advance


    LMS

    Sunday, October 20, 2019 11:43 AM

All replies

  • Can you please elaborate the test protocol to determine how the system is affected?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 23, 2019 2:33 AM
    Owner
  • Any update of this?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 29, 2019 1:15 PM
    Owner