Detections
Analytics

Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass

high Nessus Plugin ID 21205

Synopsis

The remote web application may be vulnerable to an authentication bypass attack.

Description

The version of Microsoft Commerce Server 2002 installed on the remote host may enable an attacker to bypass authentication if the sample files from the 'AuthFiles' folder are installed under the web server's document root.

Note that successful exploitation of this issue requires knowledge of the location of the sample files as well as a valid user name.

Solution

Apply Commerce Server 2002 Service Pack 2 or later.

See Also

https://www.securityfocus.com/archive/1/archive/1/427974/100/0/threaded

http://www.nessus.org/u?69d936d0

Plugin Details

Severity: High

ID: 21205

File Name: commerceserver2002_auth_bypass.nasl

Version: 1.15

Type: local

Family: CGI abuses

Published: 4/10/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/17/2006

Reference Information

CVE: CVE-2006-1257

BID: 17134