ASP.NET Security Vulnerability

September 21, 2010


There’s been a lot of noise about the recently discovered vulnerability in ASP.NET.

This vulnerability can enable an attacker to download critical files from your application, such as web.config and other files, by exploiting details returned in the System.Security.Cryptography.CryptographicException exception.

Scott Guthrie has published some posts regarding those issues here and here. These posts include a brief explanation of how these attacks occur and how you can work around them until Microsoft releases an update to fix those issues.

Basically, the workaround involves hiding exceptions from your users and using custom, friendly errors (which you should always use, regardless of this vulnerability).
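One way to check a web.config for the custom-errors workaround described above, as an added example that is not code from the original post or from Microsoft. The sample configurations are constructed and `audit_custom_errors` is a hypothetical helper name; it goes slightly beyond the text by also checking `<location>` overrides, which can switch detailed errors back on for part of a site.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config files (not from any real application).
WEAK = '<configuration><system.web><customErrors mode="Off"/></system.web></configuration>'
HARDENED = ('<configuration><system.web>'
            '<customErrors mode="On" defaultRedirect="~/error.html"/>'
            '</system.web></configuration>')
# Root section is fine, but a <location> override re-enables detailed errors.
OVERRIDE = ('<configuration><system.web>'
            '<customErrors mode="On" defaultRedirect="~/error.html"/></system.web>'
            '<location path="admin"><system.web><customErrors mode="Off"/>'
            '</system.web></location></configuration>')


def audit_custom_errors(config_xml):
    """Return findings for the root and every <location> customErrors setting."""
    root = ET.fromstring(config_xml)
    scopes = [("root", root)]
    scopes += [("location:" + loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        section = node.find("system.web/customErrors")
        if section is None:
            # A <location> without the element inherits; the root must set it.
            if scope == "root":
                findings.append("root: customErrors not set explicitly")
            continue
        mode = section.get("mode", "RemoteOnly")  # ASP.NET default mode
        if mode.lower() == "off":
            findings.append(scope + ": mode=Off returns exception details to users")
        elif not section.get("defaultRedirect"):
            findings.append(scope + ": no defaultRedirect, so no friendly error page")
    return findings


if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("hardened", HARDENED), ("override", OVERRIDE)):
        print(name, audit_custom_errors(xml) or "ok")
```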

It should be noted that this vulnerability also affected SharePoint.

You can also get into more detail on the LINEQ.NET blog here and here.
