Description
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username.
Remediation
Immediately apply the MS11-100 patch:
http://technet.microsoft.com/en-us/security/bulletin/ms11-100.
Workaround:
In .NET 4.0 the vulnerability can be mitigated by setting the
ticketCompatibilityMode attribute in the application or global web.config
file like this:
<system.web>
<authentication mode="Forms">
<forms ticketCompatibilityMode="Framework40" />
</authentication>
</system.web>
References
Related Vulnerabilities
WordPress Plugin WP eCommerce Security Bypass (3.8.14.3)
WordPress Plugin Woocommerce Category Banner Management Security Bypass (1.1.1)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.4)
Drupal Core 7.x Security Bypass (7.0 - 7.4)
WordPress Plugin Premmerce Wishlist for WooCommerce Security Bypass (1.1.2)