CVE-2006-1257

Currently unrated

Key Information:

Vendor: Microsoft
Status: Commerce Server
Vendor: CVE Published:; 19 March 2006

Summary

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25330

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/594

third-party-advisoryx_refsource_SREASON

http://msdn.microsoft.com/library/default.asp?url=/librar...

x_refsource_CONFIRM

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 19, 2006
Vulnerability Reserved
Mar 18, 2006

Collectors

NVD DatabaseMitre Database