Vulnerability in ASP.NET Could Allow Information leak, how to solve it and link to good knowledge base post ;)
As on 17th Sep Microsoft found security vulnerability in ASP.NET framework (with all versions of frameworks), here are some collection of links to be use for securing your public portals.
Main Vulnerability is as given below
An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.
for more information on this you can visit ‘Microsoft Security Advisory’
Solution according to Microsoft Security Advisory (Available in above post):
set error page for your application as given below:
<configuration>
<location allowOverride="false">
<system.web>
<customErrors mode="On" defaultRedirect="~/error.html" />
</system.web>
</location>
</configuration>
More information regarding this can be found @
ScottGu's Blog :).