Open redirect vulnerability in the Forms Authentication feature in Microsoft .NET FrameworkID: oval:org.secpod.oval:def:3630 | Date: (C)2011-12-30 (M)2023-12-14 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 R2 |
Microsoft Windows XP |
Product: |
Microsoft .NET Framework |