Description

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username.

Remediation

Immediately apply the MS11-100 patch: http://technet.microsoft.com/en-us/security/bulletin/ms11-100.

Workaround:
In .NET 4.0 the vulnerability can be mitigated by setting the ticketCompatibilityMode attribute in the application or global web.config file like this:

<system.web>
  <authentication mode="Forms">
    <forms ticketCompatibilityMode="Framework40" />
  </authentication>
</system.web>

References

MS11-100 patch

ASP.Net Forms Authentication Bypass

Related Vulnerabilities

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.40.2)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.9.2)

Drupal Core 8.x Security Bypass (8.0.0 - 8.1.6)

WordPress Plugin Starter Templates-Elementor, WordPress & Beaver Builder Templates Security Bypass (2.7.0)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (1.1.4.5)

Severity

High

Classification

CVE-2011-3416 CWE-264 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass