R
Richard Eke
http://support.microsoft.com/kb/887219
details a vunerability for all ASP.NET web sites that uee Forms
Authentication. However, it only lists .NET 1.0 and 1.1
Today I've received a report from a third party doing penetration testing on
a web site we developed in ASP.NET 2.0 detailling this as a vunerability.
I've double checked and it indeed is. We have a common base class that
simply throws a default error page if the user isn't authenticated so our app
is OK but the report going to our clients doesn't look very good!
I thought in ASP.NET 2.0 the fix for this problem was going to be 'baked-in'
- it appears not.
Are there any similar patches to those detiled in the security bulletin
mentioned above?
Thanks
Richard
details a vunerability for all ASP.NET web sites that uee Forms
Authentication. However, it only lists .NET 1.0 and 1.1
Today I've received a report from a third party doing penetration testing on
a web site we developed in ASP.NET 2.0 detailling this as a vunerability.
I've double checked and it indeed is. We have a common base class that
simply throws a default error page if the user isn't authenticated so our app
is OK but the report going to our clients doesn't look very good!
I thought in ASP.NET 2.0 the fix for this problem was going to be 'baked-in'
- it appears not.
Are there any similar patches to those detiled in the security bulletin
mentioned above?
Thanks
Richard