CVE-2016-7191

2016-09-28T20:59:00
ID CVE-2016-7191
Type cve
Reporter secure@microsoft.com
Modified 2017-07-30T01:29:00

Description

The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.