Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
CPE | Name | Operator | Version |
---|---|---|---|
passport-sharepoint | eq | 0.3.0 |