| VID |
28140 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Commerce Server 2002, according to its version number, has an authentication bypass vulnerability. Microsoft Commerce Server is a web server product for building, deploying, and analyzing e-commerce sites. Microsoft Commerce Server 2002 prior to SP2 could allow a remote attacker to bypass authentication and logon as a valid user without knowing the password using the sample ASP files in the authfiles directory. If the attacker has knowledge of a valid username, the attacker could bypass authentication and gain unauthorized access by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.securityfocus.com/archive/1/archive/1/427974/100/0/threaded
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_securityconcepts_cbgw.asp
http://secunia.com/advisories/9176
http://www.osvdb.org/24121
* Platforms Affected:
Microsoft Commerce Server 2002
Microsoft Commerce Server 2002 SP1
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest Service Pack of Microsoft Commerce Server 2002 (SP2 or later), available from Microsoft's Web site at http://www.microsoft.com/downloads/details.aspx?familyid=58e6d658-cc3e-4846-8ef7-264e6eeb4c1e |
| Related URL |
CVE-2006-1257 (CVE) |
| Related URL |
17134 (SecurityFocus) |
| Related URL |
25330 (ISS) |
|
