Описание
Microsoft Visual Studio Spoofing Vulnerability
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL. An attacker who successfully exploited this vulnerability could compromise the access tokens, exposing security and privacy risks.
To exploit this vulnerability, an attacker would need to monitor the network traffic between a client machine and server while the end user is developing an Outlook Web Add-in, and the client also has two-factor authentication enabled in Outlook.
The update addresses the vulnerability by securing the reply URL with HTTPS.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с передачей учетных данных в незашифрованном виде, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS