AGAT Software Exposes Security Vulnerabilities in Microsoft ADFS

Tests carried out on live corporate ADFS servers have demonstrated the ability of hackers to lock internal accounts even if ADFS 3.0 extranet lockout protection is deployed

Jun 07, 2016, 07:00 ET from AGAT Software

JERUSALEM, June 7, 2016 /PRNewswire/ --

According to tests carried out on a number of large organizations by AGAT Software, organizations using Microsoft's ADFS (Active Directory Federation Services) for SSO (single sign-on) to cloud or third-party services such as Office 365, Skype for Business (Lync) Online or Salesforce expose their corporate networks to account lockout threats.

AGAT Software's flagship products include SkypeShield and ADFS Protector.

Testing conclusively demonstrated that companies using ADFS for authentication are vulnerable to threats caused by the external exposure of authentication services. The tests demonstrated the ability of hackers to lock Active Directory network user accounts that were believed to be protected. Only knowledge of the username was required, and usernames are typically easy to guess or to find out.

The tests revealed that attackers can lock accounts through ADFS even when the ADFS Extranet Lockout feature of Windows 2012 is deployed to protect ADFS.

A successful attack can cause significant business damage by preventing the user from logging into the network and from performing any type of work. Even resources not requiring ADFS are affected. This attack vector can be abused as part of a wider DDoS attack, halting all the company's activities by locking all of the domain network users.

Beyond protecting ADFS, AGAT also offers a unified defense solution for protecting Skype for Business against account lockout. The Skype for Business topology creates challenges that are hard to address using generic solutions due to the multiple protocols, channels and methods used by a plethora of supported clients.

In order to raise awareness of the vulnerabilities that ADFS and Skype for Business deployments introduce, AGAT Software is now offering a free test to companies wishing to validate that their network accounts are protected against account lockout, for both ADFS deployments and Skype for Business on-premises deployments.

About AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

AGAT developed SkypeShield to secure Microsoft Skype for Business connectivity with specific unified communication (UC) requirements.

To access a free vulnerability scan for your company, go to

For updates, follow us on LinkedIn, Twitter and Facebook.

Company contact:

Yoav Crombie
Business Manager
AGAT Software
Mobile: +972-52-520-9860