Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-1337

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."

Related bugs and status

CVE-2013-1337 (Candidate) is related to these bugs:

Bug #1325901: orange widget flakes out on startup

Summary				In	Importance	Status
	1325901	orange widget flakes out on startup		Nettest	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CERT: TA13-134A
OVAL: oval:org.mitre.oval:de...
MS: MS13-040