CVE-2011-3416

CWE-2644 documents4 sources
Severity
8.5HIGH
EPSS
52.8%
top 2.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows XP
Timeline
PublishedDec 30
Latest updateMay 13

Description

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-fqwg-5wxg-6mp3: The Forms Authentication feature in the ASP2022-05-13
CVEList
CVE-2011-3416: The Forms Authentication feature in the ASP2011-12-30

🔍Detection Rules

1
Suricata
ET WEB_SERVER ASP.NET Forms Authentication Bypass2012-01-03
CVE-2011-3416 (HIGH CVSS 8.5) | The Forms Authentication feature in | cvebase.io