Azure Active Directory Connect
CVE-2021-36949
HIGH
Severity by source
AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
AnalysisAI
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability. Rated high severity (CVSS 7.1). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability Affected products include: Microsoft Azure Active Directory Connect, Microsoft Azure Active Directory Connect Provisioning Agent.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today