
asp.net security : Massive ASP.Net Forms Authentication vulnerability


Greg Hurlman
9/30/2004 6:17:02 AM
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

This is, IMNSHO, the worst thing I've ever heard of.

Spread the word, test your sites, and send angry emails to Microsoft.
---
Greg Hurlman
ghurlman*AT*squaretwo*DOT*net

Mike Bridge
9/30/2004 5:15:57 PM
This seems to me like an absolutely massive security hole, but I see
it was posted to various security lists TWO WEEKS ago without any
response. What's Microsoft waiting for??




Mike Bridge
9/30/2004 5:47:56 PM
Hmm... this exploit affects URLs for localhost, but I can't seem to
get it to work on a regular URL....

-Mike

Daniel Fisher(lennybacon)
10/1/2004 10:56:43 AM
What about installing UrlScan?

I did that a year ago or so....

--
Daniel Fisher(lennybacon)
MCP C# ASP.NET
Blog: http://www.lennybacon.com/





Prodip Saha
10/4/2004 9:39:16 AM
Greg,
I have confirmed this security hole on XP Professional with IE6. This is a
reminder to the companies: never solely rely on Microsoft for their
application security.

Thanks,
Prodip
