Unrated severityNVD Advisory· Published Aug 14, 2013· Updated Apr 29, 2026

CVE-2013-3185

Description

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."

Affected products

Microsoft/Active Directory Federation Services2 versions
cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/ncas/alerts/TA13-225AnvdThird Party AdvisoryUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-066nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18318nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000