Authentication flaw

2011-12-3001:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka “ASP.Net Forms Authentication Bypass Vulnerability.”

CPENameOperatorVersion
windows_7eq sp1x86
windows_7eq sp1x64
windows_server_2008eqr2 itanium
windows_server_2008eq sp2x64
windows_server_2008eq sp2x86
windows_vistaeq- sp2
windows_xpeqsp3 unknown-english

Name	Operator	Version
windows_7	eq	sp1x86
windows_7	eq	sp1x64
windows_server_2008	eq	r2 itanium
windows_server_2008	eq	sp2x64
windows_server_2008	eq	sp2x86
windows_vista	eq	- sp2
windows_xp	eq	sp3 unknown-english