CVE-2011-3416 Information

Description

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1 2.0 SP2 3.5 SP1 3.5.1 and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username aka \ASP.Net Forms Authentication Bypass Vulnerability.\

Reference

http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14363