azure active directory passport (microsoft) — Vulnerabilities

Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

Vendors · microsoft · azure active directory passport

azure active directory passport

· 1 CVEsmicrosoft · 1 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2016-7191

Sep 28, 2016

The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

All microsoft products All Vendors CVE Database KEV Catalog