8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-7191

GHSA ID

GHSA-73jp-3c67-hjfv

EPSS Score

0.92877%

CWE

CWE-287

Published

7/26/2018

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-7191

CVE-2016-7191: Authentication Bypass in passport-azure-ad

Affected versions of passport-azure-ad do not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

Recommendation

Version 1.x: Update to version 1.4.6 or later. Version 2.x: Update to version 2.0.1 or later.

(GitHub Advisory)

8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-7191

GHSA ID

GHSA-73jp-3c67-hjfv

EPSS Score

0.92877%

CWE

CWE-287

Published

7/26/2018

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
passport-azure-ad	npm	>= 1.0.0, < 1.4.6	1.4.6
passport-azure-ad	npm	= 2.0.0	2.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper issuer validation in JWT processing. Both the validateIssuer configuration enforcement and the core verify() function were flawed: 1) The validateIssuer setting was not respected at the configuration level, and 2) The verification logic in the OIDC strategy's core function failed to implement issuer checks when this setting was enabled. This matches the described attack pattern where crafted tokens bypass authentication through improper issuer validation, and aligns with Microsoft's security notice about missing issuer validation when using common endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* `p*ssport-*zur*-**` *o not r**o*niz* t** `v*li**t*Issu*r` s*ttin*, w*i** *llows r*mot* *tt**k*rs to *yp*ss *ut**nti**tion vi* * *r**t** tok*n. ## R**omm*n**tion V*rsion *.x: Up**t* to v*rsion *.*.* or l*t*r. V*rsion *.x: Up**t

Reasoning

T** vuln*r**ility st*ms *rom improp*r issu*r v*li**tion in JWT pro**ssin*. *ot* t** `v*li**t*Issu*r` *on*i*ur*tion *n*or**m*nt *n* t** *or* `v*ri*y()` *un*tion w*r* *l*w**: *) T** `v*li**t*Issu*r` s*ttin* w*s not r*sp**t** *t t** *on*i*ur*tion l*v*l,

8.1

Basic Information

Concerned about an active attack path?

CVE-2016-7191: Authentication Bypass in passport-azure-ad

Recommendation

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI