Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-1257
Last Modified: 05 Sep 2008 05:01:26
Published: 18 Mar 2006 08:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1257

Summary

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

Vulnerable Systems

Application

  • Microsoft Commerce Server 2002


References

BID - 17134

BUGTRAQ - 20060316 Microsoft Commerce Server 2002: Logon as known user with a false password

XF - mscs-authfiles-authentication-bypass(25330)

OSVDB - 24121

CONFIRM - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_securityconcepts_cbgw.asp

SREASON - 594


Last Updated: 27 May 2016 10:41:59