Massive ASP.Net Forms Authentication vulnerability

Discussion in 'ASP .Net Security' started by Greg Hurlman, Sep 30, 2004.

  1. Greg Hurlman

    Greg Hurlman Guest

    Greg Hurlman, Sep 30, 2004
    #1
    1. Advertisements

  2. Greg Hurlman

    Mike Bridge Guest

    This seems to me like an absolutely massive security hole, but I see
    it was posted to various security lists TWO WEEKS ago without any
    response. What's Microsoft waiting for??
     
    Mike Bridge, Sep 30, 2004
    #2
    1. Advertisements

  3. Greg Hurlman

    Mike Bridge Guest

    Hmm... this exploit affects URLs for localhost, but I can't seem to
    get it to work on a regular URL....

    -Mike
     
    Mike Bridge, Sep 30, 2004
    #3
  4. What about installing UrlScan.

    I did that a year ago or so....
     
    Daniel Fisher\(lennybacon\), Oct 1, 2004
    #4
  5. Greg Hurlman

    Prodip Saha Guest

    Greg,
    I have confirmed this security hole on XP Professional with IE6. This is a
    reminder to the companies- never solely rely on microsoft for their
    application security.

    Thanks,
    Prodip
     
    Prodip Saha, Oct 4, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.