Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
Info
| Bugtraq ID: | 17134 |
| Class: | Access Validation Error |
| CVE: | CVE-2006-1257 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2006 12:00AM |
| Updated: | Apr 19 2013 12:59PM |
| Credit: | Dimitri van de Giessen is credited with the discovery of this vulnerability. |
| Vulnerable: | Microsoft Commerce Server 2002 SP1; Microsoft Commerce Server 2002 |
| Not Vulnerable: | Microsoft Commerce Server 2002 SP2 |
Discussion
Microsoft Commerce Server 2002 is prone to an authentication-bypass vulnerability. The application fails to authenticate users correctly, a failure attributed to the possible existence of sample files.
An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as any pre-existing user.
Versions of Microsoft Commerce Server 2002 prior to Service Pack 2 are affected by this issue.
Exploit / POC
This issue can be exploited through use of a web client.
Solution / Fix
Solution:
The vendor has released Service Pack 2 to address this issue.

Microsoft Commerce Server 2002 SP1
- Microsoft Commerce Server 2002 Service Pack 2 (SP2)
  http://www.microsoft.com/downloads/details.aspx?familyid=58e6d658-cc3e-4846-8ef7-264e6eeb4c1e

Microsoft Commerce Server 2002
- Microsoft Commerce Server 2002 Service Pack 2 (SP2)
  http://www.microsoft.com/downloads/details.aspx?familyid=58e6d658-cc3e-4846-8ef7-264e6eeb4c1e
References
References:
- Commerce Server 2002: Important Security Notes (Microsoft)
- Commerce Server Home Page (Microsoft)