CVE-2013-1337

Microsoft .net Framework - Authentication Bypass

Title source: rule

Description

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."

References (3)

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/ncas/alerts/TA13-134A

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040

Scores

EPSS 0.2276

EPSS Percentile 95.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

microsoft/.net_framework

Timeline

Published May 15, 2013

Tracked Since Feb 18, 2026