Tuesday , 3 March 2015
Home » Technology » Development » ASP.NET Security Vulnerability

ASP.NET Security Vulnerability

Recently, a newly uncovered ASP.NET security vulnerability was presented and distributed at a hacker conference last weekend. The gist is that the encryption can be compromised by examining the error codes from the server. This means your sensitive information can be compromised if you are using the ViewState to store them, or your web.config file.

Fix? Set the customErrors in your web.config file to show a common error file as described in the Microsoft Security Advisory (2416728) to limit the discovery of error codes from the server.

For more information regarding this hack, you can read a post by Microsoft Security Research and Defense on Understanding the ASP.NET Vulnerability and Scott Guthrie’s Blog on Important: ASP.NET Security Vulnerability.

About Justin Lee

Check Also

GitHub Issues Page

Importing GitHub Milestones, Labels, Issues, Comments from One Repository to Another

I was tasked today to duplicate and import all the GitHub milestones, labels, issues, and ...