CVE-2019-1258:
Vulnerability in Azure Active Directory Authentication Library

8.8

CVSS Score

Basic Information

EPSS Score
-
CWE
-
Published
8/16/2019
Updated
5/31/2024
KEV Status
No
Technology
C#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name
microsoft.identitymodel.clients.activedirectory
Ecosystem
nuget
Vulnerable Versions
>= 5.0.0, <= 5.1.1
First Patched Version
5.2.0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper token caching in the On-Behalf-Of flow. The advisory explicitly states the fix involved 'removing fallback cache look-up for On-Behalf-Of scenarios.' The primary function handling OBO token acquisition (AcquireTokenOnBehalfAsync) would be responsible for cache interactions. While exact code isn't available, ADAL's architecture and Microsoft's patch description strongly implicate the OBO token acquisition path and its cache management logic as the vulnerable component.

WAF Protection Rules

WAF Rule

An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
