Back to search
CVE-2016-7191
Published: Sep 28, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD
x_refsource_CONFIRM
1036996
vdb-entry
x_refsource_SECTRACK
3187742
vendor-advisory
x_refsource_MSKB
93213
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now