CVE-2013-1337
Microsoft .NET Framework 4.5 - Authentication Bypass via WCF Endpoint
Title source: llmDescription
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-134A
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741
Scores
EPSS
0.2063
EPSS Percentile
97.2%
Details
CWE
CWE-287
Status
published
Products (1)
microsoft/.net_framework
4.5
Published
May 15, 2013
Tracked Since
Feb 18, 2026