Sunday , 30 August 2015
Home » Technology » Development » ASP.NET Security Vulnerability

ASP.NET Security Vulnerability

Recently, a newly uncovered ASP.NET security vulnerability was presented and distributed at a hacker conference last weekend. The gist is that the encryption can be compromised by examining the error codes from the server. This means your sensitive information can be compromised if you are using the ViewState to store them, or your web.config file.

Fix? Set the customErrors in your web.config file to show a common error file as described in the Microsoft Security Advisory (2416728) to limit the discovery of error codes from the server.

For more information regarding this hack, you can read a post by Microsoft Security Research and Defense on Understanding the ASP.NET Vulnerability and Scott Guthrie’s Blog on Important: ASP.NET Security Vulnerability.

About Justin Lee

Check Also

YouTube Thumbnails

How to get the URL of the various sizes of YouTube Thumbnail Image

As you know, recently I’ve updated my blog and started using featured images. However, my ...