CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Microsoft: >> Azure Active Directory Passport >> 1.3.3 Security Vulnerabilities

CVE-2016-7191

The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

CVSS Score

8.1

EPSS Score

0.105

Published

2016-09-28

Page 1

Vulnerabilities

Vulnerable Software

Microsoft: >> Azure Active Directory Passport >> 1.3.3 Security Vulnerabilities

Products

Pricing

Contact Us