The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
Publication date: Sun, 19 Mar 2006 07:02:00 +0000