Microsoft · Commerce Server 2002 · CVE-2006-1257
**Name of the Vulnerable Software and Affected Versions**
Microsoft Commerce Server 2002 versions prior to SP2
**Description**
The issue allows remote attackers to bypass authentication. This can be achieved by logging in to "authfiles/login.asp" with a valid `username` and any `password`, then accessing the main site twice.
**Recommendations**
For Microsoft Commerce Server 2002 versions prior to SP2, apply Service Pack 2 to resolve the issue.