PT-2011-3643 · Smartertools · Smarterstats

Published

2011-05-20

·

Updated

2017-08-29

·

CVE-2011-2155

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SmarterTools SmarterStats version 6.0

Description

The Login.aspx page of the SmarterTools SmarterStats web server renders the ctl00$MPH$txtPassword password form field without disabling the browser autocomplete feature. A browser on a shared or unattended workstation may therefore store and later auto-fill the administrator's credentials, which makes it easier for an attacker with physical or remote-desktop access to that workstation to bypass authentication.

Recommendations

For SmarterTools SmarterStats version 6.0, disable autocomplete for the ctl00$MPH$txtPassword password form field (autocomplete="off" on the field, or on the login form as a whole) so that browsers do not retain the credentials. As a temporary workaround, restrict network access to the Login.aspx page until the issue is resolved.

Weakness Enumeration

Improper Authentication (CWE-287)

Related Identifiers

CVE-2011-2155

Affected Products

Smarterstats