Thursday , 24 April 2014
Breaking News
Home » Technology » Development » ASP.NET Security Vulnerability

ASP.NET Security Vulnerability

Recently, a newly uncovered ASP.NET security vulnerability was presented and distributed at a hacker conference last weekend. The gist is that the encryption can be compromised by examining the error codes from the server. This means your sensitive information can be compromised if you are using the ViewState to store them, or your web.config file.

Fix? Set the customErrors in your web.config file to show a common error file as described in the Microsoft Security Advisory (2416728) to limit the discovery of error codes from the server.

For more information regarding this hack, you can read a post by Microsoft Security Research and Defense on Understanding the ASP.NET Vulnerability and Scott Guthrie’s Blog on Important: ASP.NET Security Vulnerability.

About Justin Lee

%d bloggers like this: