O365 Moodle
Monthly
Authentication bypass in the Microsoft 365 / Microsoft Entra ID (local_o365) plugin for Moodle allows an unauthenticated attacker to forge a JWT and log in as any Office 365-linked Moodle user before versions 4.5.6, 5.0.5, and 5.1.1. The Teams SSO endpoint sso_login.php base64-decodes the JWT payload and trusts the 'upn' claim without verifying the token signature, so a self-signed or hand-crafted token is accepted as valid. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially exploitable and confirmed by a Microsoft GitHub security advisory (GHSA-hqjh-93qv-47v5).
Authentication bypass in the Microsoft 365 / Microsoft Entra ID (local_o365) plugin for Moodle allows an unauthenticated attacker to forge a JWT and log in as any Office 365-linked Moodle user before versions 4.5.6, 5.0.5, and 5.1.1. The Teams SSO endpoint sso_login.php base64-decodes the JWT payload and trusts the 'upn' claim without verifying the token signature, so a self-signed or hand-crafted token is accepted as valid. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially exploitable and confirmed by a Microsoft GitHub security advisory (GHSA-hqjh-93qv-47v5).