Authentication bypass
The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.
Advisories for Npm/Passport-Azure-Ad package
2016
The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.