CVE-2013-1337

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework 4.5

Description A security feature bypass issue exists due to improper policy requirements creation for custom Windows Communication Foundation (WCF) endpoint authentication. This allows remote attackers to bypass authentication by sending queries to an endpoint, potentially giving them access to endpoint functions as if they were authenticated. This could enable an attacker to steal information or take actions in the context of an authenticated user.

Recommendations For Microsoft .NET Framework 4.5, consider restricting access to custom WCF endpoints until a proper fix is applied, and ensure that all authentication mechanisms are thoroughly reviewed and validated to prevent bypass attempts. As a temporary workaround, consider enhancing the authentication process for custom WCF endpoints to minimize the risk of exploitation.