PT-2011-4443 · Microsoft · .Net Framework
Published: 2011-12-29 · Updated: 2023-12-07 · CVE-2011-3416
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft .NET Framework versions 1.1 SP1 through 4.0
Description
The issue allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username. An elevation of privilege vulnerability exists in the way that .NET Framework authenticates users. To exploit this, an attacker must be able to register an account on the ASP.NET application and know an existing account name for a targeted user. The attacker could then craft a special web request to gain access to that account, taking any action in the context of the targeted user, including executing arbitrary commands on the site.
Recommendations
For Microsoft .NET Framework versions 1.1 SP1 through 4.0, no information is currently available about a newer version that contains a fix for this vulnerability.
Affected Products
.Net Framework