Authentication Bypass in Microsoft Commerce Server 2002
CVE-2006-1257
Currently unrated
Summary
Microsoft Commerce Server 2002 before Service Pack 2 contains an authentication bypass in the authfiles directory. A remote attacker who logs in to authfiles/login.asp with a valid username and any password can gain unauthorized access to the main site after navigating there twice. This flaw poses a significant risk to the security of the server and its data.
EPSS Score
42% chance of being exploited in the next 30 days.