CVE-2002-0736

Name of the Vulnerable Software and Affected Versions Microsoft BackOffice versions 4.0 through 4.5

Description The issue allows remote attackers to bypass authentication and access administrative ASP pages via an HTTP request with a specific auth type that is not blank. This occurs when Microsoft BackOffice is configured to be accessible by other systems.

Recommendations For Microsoft BackOffice versions 4.0 through 4.5, consider restricting access to the administrative ASP pages until a fix is available. As a temporary workaround, avoid using HTTP requests with blank or specific auth type values to minimize the risk of exploitation.