CVE-2011-3416

Description

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS