{"id":"CVE-2019-1006","details":"An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.","modified":"2026-04-10T04:13:38.621075Z","published":"2019-07-15T19:15:16.390Z","references":[{"type":"FIX","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powershell/powershell","events":[{"introduced":"0"},{"last_affected":"b54b188c1804d4dcebb09a8be3a67916abd94fd7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.0"}]}}],"versions":["v0.1.0","v0.2.0","v0.3.0","v0.4.0","v0.5.0","v0.6.0","v6.0.0-alpha.10","v6.0.0-alpha.11","v6.0.0-alpha.12","v6.0.0-alpha.13","v6.0.0-alpha.16","v6.0.0-alpha.17","v6.0.0-alpha.18","v6.0.0-alpha.7","v6.0.0-alpha.9","v6.0.0-beta.1","v6.0.0-beta.2","v7.0.0","v7.0.0-preview.6","v7.0.0-rc.1","v7.0.0-rc.2","v7.0.0-rc.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.5.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2013-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"2016"}]},{"events":[{"introduced":"0"},{"last_affected":"2010-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"2013-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"2019"}]},{"events":[{"introduced":"0"},{"last_affected":"1607"}]},{"events":[{"introduced":"0"},{"last_affected":"1703"}]},{"events":[{"introduced":"0"},{"last_affected":"1709"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]},{"events":[{"introduced":"0"},{"last_affected":"1809"}]},{"events":[{"introduced":"0"},{"last_affected":"1903"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]},{"events":[{"introduced":"0"},{"last_affected":"1903"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1006.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}