Name of the Vulnerable Software and Affected Versions: Microsoft Bot Builder SDK (affected versions not specified)

Description: A maliciously crafted claim may be incorrectly authenticated by the bot, requiring an attacker to have internal knowledge of the bot. This issue affects bots not configured to be used as a Skill.

Recommendations: For all affected versions, update to a patched version. As a temporary workaround, consider adding an authentication configuration containing ClaimsValidator which throws an exception if the Claims are Skill Claims.