3 matches found
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...
GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...