CVE-2026-31957

Himmelblau · Himmelblau

Himmelblau allows unauthenticated remote attackers to bypass tenant-scoped authentication when no tenant domain is configured, enabling unauthorized access via dynamic provider registration.

Executive summary

A critical authentication vulnerability in Himmelblau allows unauthenticated attackers to bypass domain restrictions and gain access to Microsoft Azure Entra ID and Intune environments.

Vulnerability

When deployed without a configured tenant domain in himmelblau.conf, the suite fails to enforce tenant-scoped authentication. This allows an unauthenticated attacker to use arbitrary Entra ID domains by dynamically registering providers at runtime, bypassing intended security boundaries in remote environments.

Business impact

This flaw permits unauthorized access to sensitive enterprise identity and device management platforms. Given the CVSS score of 10, the risk includes total compromise of Azure Entra ID and Intune configurations, leading to unauthorized data access and potential lateral movement across the corporate cloud infrastructure.

Remediation

Immediate Action: Update the Himmelblau suite to version 3.1.0 and ensure a specific tenant domain is configured in the himmelblau.conf file.

Proactive Monitoring: Review authentication logs for login attempts from unexpected or unknown Entra ID domains and monitor for dynamic provider registration events.

Compensating Controls: Use IP allowlisting to restrict access to the Himmelblau service and implement multi-factor authentication (MFA) across all identity providers.
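An added example, not code from the advisory or the Himmelblau project: a Python check that reads a himmelblau.conf fragment, reports whether a tenant domain is pinned, and flags logged sign-ins whose domain falls outside that allow-list (the monitoring step above). The `[global]` section and `domains` key, the sample configs and the sample user principal names are all assumptions constructed here.

```python
import configparser

# Constructed sample configs, not taken from the advisory. The "[global]"
# section and the "domains" key are assumed to match himmelblau.conf's
# INI-style layout; adjust if your deployment names them differently.
WEAK_CONF = "[global]\npam_allow_groups = linux-admins\n"
FIXED_CONF = "[global]\ndomains = corp.example.com\npam_allow_groups = linux-admins\n"

# Constructed sample of user principal names as they would appear in auth logs.
SAMPLE_LOGINS = [
    "alice@corp.example.com",
    "bob@corp.example.com",
    "user@unexpected-tenant.example",
]


def configured_tenant_domains(conf_text: str) -> list[str]:
    """Return the tenant domains pinned under [global] domains, or [] if unset."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    raw = parser.get("global", "domains", fallback="")
    return sorted({d.strip().lower() for d in raw.split(",") if d.strip()})


def is_tenant_scoped(conf_text: str) -> bool:
    """True only when at least one tenant domain is explicitly configured."""
    return bool(configured_tenant_domains(conf_text))


def unexpected_logins(conf_text: str, upns: list[str]) -> list[str]:
    """UPNs whose domain is not in the configured allow-list.

    With no configured domain every login is flagged, mirroring the fact that
    such a deployment has no tenant boundary to enforce.
    """
    allowed = set(configured_tenant_domains(conf_text))
    flagged = []
    for upn in upns:
        _, _, domain = upn.rpartition("@")
        if domain.lower() not in allowed:
            flagged.append(upn)
    return flagged


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, "tenant-scoped:", is_tenant_scoped(conf),
              "unexpected:", unexpected_logins(conf, SAMPLE_LOGINS))
```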

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations relying on Himmelblau for Azure interoperability must treat this as a top-priority remediation. The ability to bypass tenant scoping effectively nullifies identity boundaries, necessitating an immediate update to version 3.1.0 to restore secure authentication.