ASP.NET Security Vulnerability and it’s solution

Vikas413
Posted by in ASP.NET category on for Beginner level | Points: 150 | Views : 4053 red flag
Rating: 5 out of 5  
 1 vote(s)

Vulnerability in ASP.NET Could Allow Information leak, how to solve it and link to good knowledge base post ;)

As on 17th Sep Microsoft found security vulnerability in ASP.NET framework (with all versions of frameworks), here are some collection of links to be use for securing your public portals.

Main Vulnerability is as given below

An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.

for more information on this you can visit ‘Microsoft Security Advisory

Solution according to Microsoft Security Advisory (Available in above post):

set error page for your application as given below:

<configuration>
 <location allowOverride="false">
   <system.web>
     <customErrors mode="On" defaultRedirect="~/error.html" />
   </system.web>
 </location>
</configuration>
More information regarding this can be found @ ScottGu's Blog :).
Page copy protected against web site content infringement by Copyscape

About the Author

Vikas413
Full Name: Vikas Patel
Member Level:
Member Status: Member
Member Since: 9/15/2010 7:44:35 AM
Country: India
Regards, Vikas Patel.
http://www.dotnetfunda.com

Login to vote for this post.

Comments or Responses

Login to post response

Comment using Facebook(Author doesn't get notification)