CVE-2019-1258: Azure Active Directory Authentication Library Elevation of Privilege Vulnerability

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1258

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Azure Active Directory Authentication Library Elevation of Privilege Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this vulneraiblity by accessing a service configured for On-Behalf-Of flow that assigns incorrect tokens. This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Azure Active Directory Authentication Library 权限许可和访问控制问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Azure Active Directory Authentication Library是美国微软（Microsoft）公司的一款身份验证库。该产品允许客户端应用程序对用户进行身份验证。 Microsoft Azure Active Directory Authentication Library中的On-Behalf-Of flow存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞在其他用户的上下文中执行操作。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft	ADAL.NET	5.0.0 ~ publication	`cpe:2.3:a:microsoft:active_directory_authentication_library::::::.net::*`
Microsoft	Nuget 5.2.0	5.0.0 ~ publication	`cpe:2.3:a:microsoft:nuget:5.2.0:::::::*`

II. Public POCs for CVE-2019-1258

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-1258

Please Login to view more intelligence information

New Vulnerabilities

Vendor: Microsoft

V. Comments for CVE-2019-1258

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2019-1258

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-1258

III. Intelligence Information for CVE-2019-1258

New Vulnerabilities

V. Comments for CVE-2019-1258

Leave a comment