Massive ASP.Net Forms Authentication vulnerability

Discussion in 'ASP .Net Security' started by Greg Hurlman, Sep 30, 2004.

  1. Greg Hurlman

    Greg Hurlman Guest

    Greg Hurlman, Sep 30, 2004
    1. Advertisements

  2. Greg Hurlman

    Mike Bridge Guest

    This seems to me like an absolutely massive security hole, but I see
    it was posted to various security lists TWO WEEKS ago without any
    response. What's Microsoft waiting for??
    Mike Bridge, Sep 30, 2004
    1. Advertisements

  3. Greg Hurlman

    Mike Bridge Guest

    Hmm... this exploit affects URLs for localhost, but I can't seem to
    get it to work on a regular URL....

    Mike Bridge, Sep 30, 2004
  4. What about installing UrlScan.

    I did that a year ago or so....
    Daniel Fisher\(lennybacon\), Oct 1, 2004
  5. Greg Hurlman

    Prodip Saha Guest

    I have confirmed this security hole on XP Professional with IE6. This is a
    reminder to the companies- never solely rely on microsoft for their
    application security.

    Prodip Saha, Oct 4, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.