Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
adfs/services/trust
Active Directory Federation Services
What an attacker could do
An exposed ADFS trust endpoint can be abused for WS-Trust username/password spraying that bypasses lockout and MFA, and a compromised token-signing key enables Golden SAML forgery of any user's identity.
How to defend it
Restrict the trust endpoints via Web Application Proxy with extranet smart lockout and MFA, protect token-signing keys, and disable legacy WS-Trust endpoints if not required.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation