Priority

(Urgent) I can't use the CLI

Description

Our sharepoint deployment pipelines stopped working with message "PKCS#12 MAC could not be verified. Invalid password?"
Pipelines worked 2 weeks, cert thumbprint in appregistration matches certificate, cert hasn´t changed and still lasts multiple months.

Steps to reproduce

1. Create a pkcs12 cert without a password

CN="Test cert"
certPath="/temp"

openssl genrsa -out "$certPath\private.key" 2048
openssl req -new -key "$certPath\private.key" -out "$certPath\cert.csr" -subj "/CN=$CN"
openssl x509 -req -days 365 -in "$certPath\cert.csr" -signkey "$certPath\private.key" -out "$certPath\certificate.pem"
openssl pkcs12 -export -out "$certPath\certificate.pfx" -inkey "$certPath\private.key" -in "$certPath\certificate.pem" -passout pass:

base64 -i "$certPath\certificate.pfx" -o "${certPath}\certificate_base64.txt"

2. Create a Entra ID App registration and upload certificate.pem

3. Try to login to App

tenantId=...
appId=...
base64EncodedCert=...

npm install -g @pnp/cli-microsoft365
m365 login --authType certificate --tenant $tenantId --appId $appId--certificateBase64Encoded $base64EncodedCert --password ""

Expected results

Successful login

Actual results

"PKCS#12 MAC could not be verified. Invalid password?"

Diagnostics

No response

CLI for Microsoft 365 version

9.0

nodejs version

18.20.4

Operating system (environment)

Linux

Shell

bash

cli doctor

No response

Additional Info

I already found the source of the problem: 9.0 added a fallback to config password on a "falsy" password instead of an nullish one in the login command

b564b61#r146549072