The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x prior to 1.4.6 and 2.x prior to 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote malicious users to bypass authentication via a crafted token.
Vulnerable Product |
---|
microsoft azure active directory passport 1.0.0 |
microsoft azure active directory passport 1.1.0 |
microsoft azure active directory passport 1.3.5 |
microsoft azure active directory passport 1.3.6 |
microsoft azure active directory passport 2.0.0 |
microsoft azure active directory passport 1.3.3 |
microsoft azure active directory passport 1.3.4 |
microsoft azure active directory passport 1.4.4 |
microsoft azure active directory passport 1.4.5 |
microsoft azure active directory passport 1.3.1 |
microsoft azure active directory passport 1.3.2 |
microsoft azure active directory passport 1.4.2 |
microsoft azure active directory passport 1.4.3 |
microsoft azure active directory passport 1.1.1 |
microsoft azure active directory passport 1.2.0 |
microsoft azure active directory passport 1.3.0 |
microsoft azure active directory passport 1.4.0 |
microsoft azure active directory passport 1.4.1 |