K
Karl
I realize there's an *.announce list for this sort of thing, but I imagine a
lot of people are like me and spend most of there time here, and seeing as
this is serious news, I thought I'd post:
A [major] security hole in authentication (forms, windows) has been found to
asp.net applications installed on machines running IIS 5.0 without URLScan
or IIS Lockdown Tool installed. You can learn more from:
http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237042.aspx
(note, the post only talks about forms authentication, but its been found to
affect windows authentication as well)
Karl
lot of people are like me and spend most of there time here, and seeing as
this is serious news, I thought I'd post:
A [major] security hole in authentication (forms, windows) has been found to
asp.net applications installed on machines running IIS 5.0 without URLScan
or IIS Lockdown Tool installed. You can learn more from:
http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237042.aspx
(note, the post only talks about forms authentication, but its been found to
affect windows authentication as well)
Karl