Massive ASP.Net Forms Authentication vulnerability

Discussion in 'ASP .Net Security' started by Greg Hurlman, Sep 30, 2004.

  1. Greg Hurlman

    Greg Hurlman Guest

    Greg Hurlman, Sep 30, 2004
    #1
    1. Advertising

  2. Greg Hurlman

    Mike Bridge Guest

    This seems to me like an absolutely massive security hole, but I see
    it was posted to various security lists TWO WEEKS ago without any
    response. What's Microsoft waiting for??




    On Thu, 30 Sep 2004 06:17:02 -0700, Greg Hurlman
    <ghurlman*AT*squaretwo*DOT*net> wrote:

    >http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
    >
    >This is, IMNSHO, the worst thing I've ever heard of.
    >
    >Spread the word, test your sites, and send angry emails to Microsoft.
    >---
    >Greg Hurlman
    >ghurlman*AT*squaretwo*DOT*net
    >http://blogs.squaretwo.net
    Mike Bridge, Sep 30, 2004
    #2
    1. Advertising

  3. Greg Hurlman

    Mike Bridge Guest

    Mike Bridge, Sep 30, 2004
    #3
  4. What about installing UrlScan.

    I did that a year ago or so....

    --
    Daniel Fisher(lennybacon)
    MCP C# ASP.NET
    Blog: http://www.lennybacon.com/




    "Greg Hurlman" <ghurlman*AT*squaretwo*DOT*net> wrote in message
    news:...
    > http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
    >
    > This is, IMNSHO, the worst thing I've ever heard of.
    >
    > Spread the word, test your sites, and send angry emails to Microsoft.
    > ---
    > Greg Hurlman
    > ghurlman*AT*squaretwo*DOT*net
    > http://blogs.squaretwo.net
    Daniel Fisher\(lennybacon\), Oct 1, 2004
    #4
  5. Greg Hurlman

    Prodip Saha Guest

    Greg,
    I have confirmed this security hole on XP Professional with IE6. This is a
    reminder to the companies- never solely rely on microsoft for their
    application security.

    Thanks,
    Prodip

    "Greg Hurlman" <ghurlman*AT*squaretwo*DOT*net> wrote in message
    news:...
    >

    http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
    >
    > This is, IMNSHO, the worst thing I've ever heard of.
    >
    > Spread the word, test your sites, and send angry emails to Microsoft.
    > ---
    > Greg Hurlman
    > ghurlman*AT*squaretwo*DOT*net
    > http://blogs.squaretwo.net
    Prodip Saha, Oct 4, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?R3JlZyBIdXJsbWFu?=

    Massive ASP.Net Forms Authentication vulnerability

    =?Utf-8?B?R3JlZyBIdXJsbWFu?=, Sep 30, 2004, in forum: ASP .Net
    Replies:
    12
    Views:
    750
    Tom Kaminski [MVP]
    Oct 6, 2004
  2. Ken Dopierala Jr.
    Replies:
    0
    Views:
    359
    Ken Dopierala Jr.
    Oct 1, 2004
  3. Karl
    Replies:
    1
    Views:
    395
    Ken Dopierala Jr.
    Oct 3, 2004
  4. Dinis Cruz
    Replies:
    1
    Views:
    123
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    Oct 17, 2003
  5. Eric
    Replies:
    2
    Views:
    504
Loading...

Share This Page