54 matches found
Microsoft Authentication Library 安全漏洞
Microsoft Authentication Library MSAL is an authentication library from Microsoft Corporation. A security vulnerability exists in the Microsoft Authentication Library that originates in MSAL.NET applications that are susceptible to a local denial of service in the authentication flow. Affected...
Microsoft Authentication Library 安全漏洞
Microsoft Authentication Library MSAL is an authentication library from Microsoft Corporation. A security vulnerability exists in Microsoft Authentication Library. An attacker can exploit the vulnerability to elevate privileges. The following products and editions are affected:Windows Server...
Design/Logic Flaw
discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...
CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform
discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...
CVE-2023-46241
The CVE-2023-46241 entry concerns the discourse-microsoft-auth plugin for Discourse, which allows Microsoft-based authentication and can enable account takeovers when sites are configured to non-single-tenant accounts. The issue is linked to authentication handling within the plugin and has been ...
PT-2024-13342 · Discourse · Discourse-Microsoft-Auth
Name of the Vulnerable Software and Affected Versions: discourse-microsoft-auth plugin affected versions not specified Description: The discourse-microsoft-auth plugin enables authentication via Microsoft. On sites with this plugin enabled, an attack can potentially take control of a victim's...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse discourse-microsoft-auth 9543d188 and prior versions, which can be exploited by an attack to compromise a victim's Discourse...
Microsoft Build brings new innovations and capabilities to keep developers and customers secure
As both organizations and developers adapt to the new reality of working and collaborating in a remote environment, it’s more important than ever to ensure that their experiences are secure and trusted. As part of this week’s Build virtual event, we’re introducing new Identity innovation to help...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688 Working Exploit PoC CVE-202...
The vulnerability of the Microsoft Authentication Library (MSAL), which stems from the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of the Microsoft Authentication Library MSAL is related to the lack of protection for service data. Exploiting this vulnerability could allow a perpetrator to disclose the protected information...
CVE-2019-1487
An information disclosure vulnerability in Android Apps using Microsoft Authentication Library MSAL 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'...
KLA11644 An information disclosure vulnerability in Microsoft Downloads
An information disclosure vulnerability was found in Microsoft Downloads. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2019-1487 Related products Microsoft-Authentification-Library-for-Android CVE list CVE-2019-1487 warning KB list Soluti...
Microsoft Authentication Library CVE-2019-1487 Information Disclosure Vulnerability
Description Microsoft Authentication Library is prone to a information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Authentication Library 0.3.1-Alpha Recommendations Block external...
PT-2009-4912 · Microsoft · Windows Server 2008 R2 +2
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Description: A remote code execution issue exists due to improper validation of MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests. This allows...