CVE-2006-1257

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

Published: Mar 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1257
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / commerce_server	2002-sp1	2002-sp1.x
microsoft / commerce_server	2002	2002.x

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_securityconcepts_cbgw.asp
http://securityreason.com/securityalert/594
http://www.osvdb.org/24121
http://www.securityfocus.com/archive/1/427974/100/0/threaded
http://www.securityfocus.com/bid/17134
https://exchange.xforce.ibmcloud.com/vulnerabilities/25330

Vulnerability Database

289,599

CVE-2006-1257