Frequently Asked Questions about the ASP.NET Security Vulnerability
page 3 of 8
by Scott Guthrie
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 28945/ 73

Is this an issue in ASP.NET or is it some cryptographic vulnerability?

This is a vulnerability in how ASP.NET uses cryptography in some circumstances that enables side-channel leaks through error responses.  The current ASP.NET use of encryption padding provides information in error responses that can be used by a malicious party.  We will be fixing this vulnerability in the security update.

Does this affect both ASP.NET Web Forms and ASP.NET MVC?

Yes – the publicly disclosed exploit can be used against all types of ASP.NET Applications (including both Web Forms and MVC).


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-05-25 10:54:09 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search