Microsoft BackOffice Server Web Administration Authentication Bypass Vulnerability

An issue has been discovered, which could allow for unauthorized users to bypass authentication to a Microsoft BackOffice host.

Submitting an HTTP request directly to the services.asp (Boadmin/Backoffice/Services.asp) will bypass the login screen.

It should be noted that this issue only occurs if basic authentication is being used.


Privacy Statement
Copyright 2010, SecurityFocus