Microsoft ASP.NET Forms authentication bypass

  • The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username. <br/>
  • Immediately apply the MS11-100 patch: <br/><br/> Workaround: <br/>In .NET 4.0 the vulnerability can be mitigated by setting the ticketCompatibilityMode attribute in the application or global web.config file like this:<br/><br/> <code><pre> <system.web> <authentication mode="Forms"> <forms ticketCompatibilityMode="Framework40" /> </authentication> </system.web> </pre></code>