Unknown · Himmelblau · CVE-2026-45108
**Name of the Vulnerable Software and Affected Versions**
Himmelblau versions 2.0.0 through 3.1.4 (3.x branch, fixed in 3.1.5)
Himmelblau 2.x versions prior to 2.3.11 (2.x branch, fixed in 2.3.11)
**Description**
An authentication bypass exists in the Device Authorization Grant (DAG) flow, the OAuth 2.0 flow that lets a device with limited input capability (no browser or keyboard) sign a user in by having them complete the login on a second device. The flaw allows any user in the same Entra ID domain to obtain a local Unix session as a different user: the attacker requests a login for the victim's account name and then completes the DAG flow with their own valid credentials. The defect is in the `token_validate()` function. It supports domain aliases for multi-domain tenants by comparing the domain part of the authenticated user's User Principal Name (UPN) with the domain of the requested account, but it never checks that the local part (the username before the `@`) matches as well. Because only the domains are compared rather than the complete usernames, a token issued to one user is accepted for a session requested as any other user in that domain.
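The check described above, reduced to its essentials as an added example. This is hypothetical Rust written for this page, not Himmelblau's own code: the `UserToken` struct, the `DomainAliases` alias table, the `token_validate_vulnerable` and `token_validate_fixed` functions and the domain names are all assumptions for illustration. It shows the alias-aware domain comparison that both versions share, the missing local-part comparison that produces the bypass, and the one-line addition that closes it.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for the token fields that matter here; not
/// Himmelblau's own type. `upn` is the User Principal Name Entra ID issued.
#[derive(Debug, Clone)]
pub struct UserToken {
    pub upn: String,
}

/// Hypothetical alias table for multi-domain tenants: every domain in a group
/// (for example a verified custom domain and the tenant's initial
/// *.onmicrosoft.com domain) is treated as equivalent. Not Himmelblau's code.
pub struct DomainAliases {
    canonical: HashMap<String, String>,
}

impl DomainAliases {
    pub fn new(groups: &[Vec<&str>]) -> Self {
        let mut canonical = HashMap::new();
        for group in groups {
            if let Some(first) = group.first() {
                for domain in group {
                    canonical.insert(domain.to_ascii_lowercase(), first.to_ascii_lowercase());
                }
            }
        }
        Self { canonical }
    }

    fn canonical(&self, domain: &str) -> String {
        let lower = domain.to_ascii_lowercase();
        self.canonical.get(&lower).cloned().unwrap_or(lower)
    }

    /// True when the two domains are identical or aliases of each other.
    pub fn domains_match(&self, a: &str, b: &str) -> bool {
        self.canonical(a) == self.canonical(b)
    }
}

/// Split "local@domain" into its two parts; reject malformed UPNs.
fn split_upn(upn: &str) -> Option<(&str, &str)> {
    let (local, domain) = upn.rsplit_once('@')?;
    if local.is_empty() || domain.is_empty() {
        return None;
    }
    Some((local, domain))
}

/// Vulnerable shape of the check: the alias-aware domain comparison is done,
/// but the local part of the UPN is never compared, so a token issued to any
/// user in the same (or an aliased) domain is accepted for the requested account.
pub fn token_validate_vulnerable(account_id: &str, token: &UserToken, aliases: &DomainAliases) -> bool {
    let (Some((_, req_domain)), Some((_, tok_domain))) =
        (split_upn(account_id), split_upn(&token.upn))
    else {
        return false;
    };
    aliases.domains_match(req_domain, tok_domain)
}

/// Hardened shape: keep the alias-aware domain comparison, and additionally
/// require the local part of the token's UPN to match the requested account.
pub fn token_validate_fixed(account_id: &str, token: &UserToken, aliases: &DomainAliases) -> bool {
    let (Some((req_local, req_domain)), Some((tok_local, tok_domain))) =
        (split_upn(account_id), split_upn(&token.upn))
    else {
        return false;
    };
    req_local.eq_ignore_ascii_case(tok_local) && aliases.domains_match(req_domain, tok_domain)
}

/// Constructed scenario: `alice` requests a Unix session as `bob` and completes
/// the DAG flow with her own credentials. Returns (vulnerable verdict, fixed verdict).
pub fn impersonation_attempt() -> (bool, bool) {
    let aliases = DomainAliases::new(&[vec!["corp.example", "corp.onmicrosoft.com"]]);
    let token = UserToken { upn: "alice@corp.example".to_string() };
    let requested = "bob@corp.example";
    (
        token_validate_vulnerable(requested, &token, &aliases),
        token_validate_fixed(requested, &token, &aliases),
    )
}

/// Constructed legitimate multi-domain case: the same user, with the token's
/// UPN on the tenant's alias domain. Both versions must accept this.
pub fn alias_login() -> (bool, bool) {
    let aliases = DomainAliases::new(&[vec!["corp.example", "corp.onmicrosoft.com"]]);
    let token = UserToken { upn: "bob@corp.onmicrosoft.com".to_string() };
    let requested = "bob@corp.example";
    (
        token_validate_vulnerable(requested, &token, &aliases),
        token_validate_fixed(requested, &token, &aliases),
    )
}

fn main() {
    println!("impersonation (vulnerable, fixed) = {:?}", impersonation_attempt());
    println!("alias login   (vulnerable, fixed) = {:?}", alias_login());
}
```

The alias table is what makes the bug easy to introduce: once a function exists whose job is "are these two domains equivalent", it is tempting to treat its answer as the whole authorization decision. The fix keeps that function and simply refuses to let a domain match stand in for a full UPN match.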
**Recommendations**
Update to version 3.1.5 or later on the 3.x branch.
Update to version 2.3.11 or later on the 2.x branch.