Massive ASP.Net Forms Authentication vulnerability

Greg Hurlman · Sep 30, 2004

http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

This is, IMNSHO, the worst thing I've ever heard of.

Spread the word, test your sites, and send angry emails to Microsoft.

Mike Bridge · Sep 30, 2004

This seems to me like an absolutely massive security hole, but I see
it was posted to various security lists TWO WEEKS ago without any
response. What's Microsoft waiting for??

Mike Bridge · Sep 30, 2004

Hmm... this exploit affects URLs for localhost, but I can't seem to
get it to work on a regular URL....

-Mike

Daniel Fisher\(lennybacon\) · Oct 1, 2004

What about installing UrlScan.

I did that a year ago or so....

Prodip Saha · Oct 4, 2004

Greg,
I have confirmed this security hole on XP Professional with IE6. This is a
reminder to the companies- never solely rely on microsoft for their
application security.

Thanks,
Prodip

Massive ASP.Net Forms Authentication vulnerability	12	Sep 30, 2004
ASP.Net Authentication Vulnerability	1	Oct 3, 2004
HTTPUnit and JavaScript - what are the limitations?	1	Oct 26, 2006
Question about forms authentication	0	Nov 14, 2005
ASP.NET 2.0 EventLog error : Forms authentication failed	0	Jul 19, 2006
Forms Authentication errror	1	Oct 28, 2004
ASP.NET Forms Authentication Best Practices	0	Apr 2, 2004
Forms Authentication issue. works in debugger, not live.	0	Jan 28, 2008

Massive ASP.Net Forms Authentication vulnerability

Greg Hurlman

Mike Bridge

Mike Bridge

Daniel Fisher\(lennybacon\)

Prodip Saha

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads