Login

Username

Password





Register   Reset password

Get Cuyahoga at SourceForge.net. Fast, secure and Free Open Source software downloads

Forum

Welcome Guest Search | Active Topics | Members

Security hole in ASP.NET Options
zapotek
Posted: Monday, September 20, 2010 9:23:37 PM

Rank: Advanced Member
Groups: Member

Joined: 8/13/2006
Posts: 41
Points: 81
A major security flaw in ASP.NET was announced on Friday — one that affects all versions and can allow an attacker to see ViewState and web.config data in clear text.

As such, everyone who has made an ASP.NET Web site should take this threat very seriously.

Microsoft is putting together a patch. Until then, they suggest a workaround of turning on customErrors, and having it point to a single error file.

http://www.dougv.com/blog/2010/09/18/major-security-hole-in-asp-net-requires-error-redirect-workaround/
martijnb
Posted: Tuesday, September 21, 2010 12:38:52 PM

Rank: Administration
Groups: Administration , Member

Joined: 12/30/2004
Posts: 1,674
Points: 1,824
Location: Wageningen (NL)
Thanks! I've made it a sticky until a more permanent fix is issued by Microsoft.
Users browsing this topic
Guest


Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Main Forum RSS : RSS

Yet Another Forum.net version 1.9.0 running under Cuyahoga.
Copyright © 2003-2006 Yet Another Forum.net. All rights reserved.