Frequently Asked Questions about the ASP.NET Security Vulnerability : ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Frequently Asked Questions about the ASP.NET Security Vulnerability

page 3 of 8

by Scott Guthrie
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 29026/ 65

Article Contents:

Introduction
Is Microsoft going to release an update to fix the vulnerability?
Is this an issue in ASP.NET or is it some cryptographic vulnerability?
Does this affect SharePoint?
What would an attack look like on the network or in my logs?
What does the <customErrors> workaround do?
Summary
Resources

Is this an issue in ASP.NET or is it some cryptographic vulnerability?

This is a vulnerability in how ASP.NET uses cryptography in some circumstances that enables side-channel leaks through error responses. The current ASP.NET use of encryption padding provides information in error responses that can be used by a malicious party. We will be fixing this vulnerability in the security update.

Does this affect both ASP.NET Web Forms and ASP.NET MVC?

Yes – the publicly disclosed exploit can be used against all types of ASP.NET Applications (including both Web Forms and MVC).

« (Page 2)

View Entire Article

(Page 4) »

User Comments

No comments posted yet.

Product Spotlight