The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka ASP.Net Forms Authentication Bypass Vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_7 | Microsoft | - (including) | - (including) |
Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
Windows_server_2003 | Microsoft | * | * |
Windows_server_2008 | Microsoft | * | * |
Windows_server_2008 | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_server_2008 | Microsoft | r2 (including) | r2 (including) |
Windows_vista | Microsoft | * | * |
Windows_vista | Microsoft | –sp2 (including) | –sp2 (including) |
Windows_xp | Microsoft | * | * |
Windows_xp | Microsoft | sp3-unknown (including) | sp3-unknown (including) |