ASP.NET Security Vulnerability found - take steps NOW to secure your web.config

Tweet

Quoted from the Microsoft Security Advisory “Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.”

[Updated] - Update on Security Vulnerability

Additional Info and Workaround

Important: ASP.NET Security Vulnerability

Understanding the ASP.NET Vulnerability

ASP.NET POET Vulnerability - What Else Can I Do?

Oracle Padding Vulnerability in ASP.NET

Where can I ask Questions?

Post questions here

Giving me +1 tells me you liked this article! Thanks in advance

Download the Free DNC Magazine for .NET Developers

Did you like this post?

			Save on Delicious
	subscribe via rss		subscribe via e-mail
	print this post		follow me on twitter

About The Author

Suprotim Agarwal, ASP.NET Architecture MVP works as an Architect Consultant and provides consultancy on how to design and develop Web applications.

Suprotim is also the founder and primary contributor to DevCurry, DotNetCurry and SQLServerCurry. He has also written an EBook 51 Recipes using jQuery with ASP.NET Controls.

Follow him on twitter @suprotimagarwal