Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
References
Link | Resource |
---|---|
http://www.us-cert.gov/ncas/alerts/TA13-134A | Third Party Advisory US Government Resource |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040 | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2013-05-15T01:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2013-01-12T00:00:00
Link: CVE-2013-1337
JSON object: View
NVD Information
Status : Modified
Published: 2013-05-15T03:36:34.420
Modified: 2018-10-12T22:04:19.757
Link: CVE-2013-1337
JSON object: View
Redhat Information
No data.
CWE