Authentication bypass vulnerability in .NET Framework - CVE-2013-1337ID: oval:org.secpod.oval:def:10947 | Date: (C)2013-05-16 (M)2021-06-02 |
Class: VULNERABILITY | Family: windows |
The host is installed with .NET Framework 4.5 and is prone to authentication bypass vulnerability. A flaw is present in the application, which fails to create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS. Successful exploitation allows attackers to bypass authentication by sending queries to an endpoint.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Product: |
Microsoft .NET Framework 4.5 |