Vulnerabilities > Microsoft > Azure Active Directory Passport > 1.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-28 | CVE-2016-7191 | Improper Authentication vulnerability in Microsoft Azure Active Directory Passport The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. | 4.3 |