Microsoft ASP.NET Forms authentication bypass - Vulnerability Database

Microsoft ASP.NET Forms authentication bypass

Description

A vulnerability exists in the Forms Authentication mechanism of Microsoft ASP.NET Framework versions 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 that allows an attacker who already holds valid credentials to bypass authentication controls. By supplying a specially formatted username, such an attacker can manipulate the authentication token and gain unauthorized access to other user accounts within the same application. This undermines the integrity of Forms Authentication, which is widely used to protect ASP.NET web applications.

Remediation

Apply the official security patch MS11-100 immediately from Microsoft Security Updates: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-100.

Temporary Workaround for .NET 4.0:
If immediate patching is not possible, you can mitigate this vulnerability in .NET Framework 4.0 applications by configuring the Forms Authentication ticket compatibility mode. Add or modify the following configuration in your application's web.config file:

<system.web>
  <authentication mode="Forms">
    <!-- Framework40 selects the .NET 4.0 ticket format; the attribute is only honoured by .NET 4.0 applications -->
    <forms ticketCompatibilityMode="Framework40" />
  </authentication>
</system.web>

Note: This workaround only applies to .NET 4.0 and should be considered a temporary measure. Applying the official patch is the only complete remediation for all affected framework versions.
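As an added example (not code from Invicti or Microsoft), the following Python script audits a web.config the way a defender would when checking whether the .NET 4.0 workaround above is in place: it locates the system.web/authentication element, confirms Forms Authentication is enabled, reads the ticketCompatibilityMode attribute and reports a verdict. The three sample configurations are constructed for the demonstration; the compilation/targetFramework attribute is read only to flag installations where the workaround does not apply.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config documents for demonstration only; they are not
# taken from the page or from any real deployment.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.0" />
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30" />
    </authentication>
  </system.web>
</configuration>
"""

MITIGATED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.0" />
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30"
             ticketCompatibilityMode="Framework40" />
    </authentication>
  </system.web>
</configuration>
"""

WINDOWS_AUTH_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>
"""


def _child(elem, tag):
    """Return the first direct child with the given tag, or None.
    Done by iteration rather than an XPath string because the tag
    'system.web' contains a dot."""
    if elem is None:
        return None
    for node in elem:
        if node.tag == tag:
            return node
    return None


def audit_forms_auth(config_xml):
    """Report whether the MS11-100 .NET 4.0 workaround
    (ticketCompatibilityMode="Framework40") is present in a web.config.

    Returns a dict with:
      forms_auth         - True when <authentication mode="Forms"> is set
      target_framework   - <compilation targetFramework> value, if present
      ticket_mode        - the ticketCompatibilityMode attribute, or None
      workaround_applied - True only when ticket_mode is exactly "Framework40"
      finding            - short human-readable verdict
    """
    root = ET.fromstring(config_xml)
    system_web = _child(root, "system.web")
    result = {
        "forms_auth": False,
        "target_framework": None,
        "ticket_mode": None,
        "workaround_applied": False,
        "finding": "",
    }

    compilation = _child(system_web, "compilation")
    if compilation is not None:
        result["target_framework"] = compilation.get("targetFramework")

    auth = _child(system_web, "authentication")
    if auth is None or auth.get("mode") != "Forms":
        result["finding"] = "Forms Authentication not enabled; workaround not applicable"
        return result
    result["forms_auth"] = True

    # When the attribute is omitted ASP.NET falls back to the legacy ticket
    # format (documented default Framework20), so "missing" is not mitigated.
    forms = _child(auth, "forms")
    ticket_mode = forms.get("ticketCompatibilityMode") if forms is not None else None
    result["ticket_mode"] = ticket_mode
    result["workaround_applied"] = ticket_mode == "Framework40"

    tf = result["target_framework"]
    if result["workaround_applied"]:
        result["finding"] = ("ticketCompatibilityMode=Framework40 set; still apply "
                             "MS11-100 for complete remediation")
    elif tf and not tf.startswith("4"):
        result["finding"] = ("Forms auth on a pre-4.0 target; workaround unavailable, "
                             "MS11-100 patch required")
    else:
        result["finding"] = ("Forms auth without Framework40 ticket mode; set "
                             "ticketCompatibilityMode=\"Framework40\" or apply MS11-100")
    return result


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("mitigated", MITIGATED_CONFIG),
                      ("windows", WINDOWS_AUTH_CONFIG)):
        print(name, "->", audit_forms_auth(cfg)["finding"])
```

To audit a real application, pass the contents of its web.config to audit_forms_auth(). The script only reflects the configuration-level workaround; it cannot tell whether the MS11-100 update itself is installed, so a "workaround_applied" result still leaves the patch outstanding.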