Vulnerabilities > CVE-2002-0736 - Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

microsoft

critical

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Backoffice 4.0 Microsoft Backoffice 4.5	2

References

http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
http://support.microsoft.com/support/kb/articles/q316/8/38.asp
http://www.iss.net/security_center/static/8862.php
http://www.securityfocus.com/bid/4528