CVE-2011-2155

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
20/05/2011
Last modified:
11/04/2025

Description

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*