Microsoft Visual Studio Spoofing Vulnerability - CVE-2020-0884ID: oval:org.secpod.oval:def:61843 | Date: (C)2020-03-11 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL. An attacker who successfully exploited this vulnerability could compromise the access tokens, exposing security and privacy risks. To exploit this vulnerability, an attacker would need to monitor the network traffic between a client machine and server while the end user is developing an Outlook Web Add-in, and the client also has two-factor authentication enabled in Outlook.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft Visual Studio 2017 |
Microsoft Visual Studio 2019 |