Massive ASP.Net Forms Authentication vulnerability

 
 
Greg Hurlman
Guest
Posts: n/a
 
      09-30-2004
http://sourceforge.net/mailarchive/f...forum_id=24754

This is, IMNSHO, the worst thing I've ever heard of.

Spread the word, test your sites, and send angry emails to Microsoft.
---
Greg Hurlman
ghurlman*AT*squaretwo*DOT*net
http://blogs.squaretwo.net
 
 
 
 
 
Mike Bridge
Guest
Posts: n/a
 
      09-30-2004
This seems to me like an absolutely massive security hole, but I see
it was posted to various security lists TWO WEEKS ago without any
response. What's Microsoft waiting for??




On Thu, 30 Sep 2004 06:17:02 -0700, Greg Hurlman
<ghurlman*AT*squaretwo*DOT*net> wrote:

>http://sourceforge.net/mailarchive/f...forum_id=24754
>
>This is, IMNSHO, the worst thing I've ever heard of.
>
>Spread the word, test your sites, and send angry emails to Microsoft.
>---
>Greg Hurlman
>ghurlman*AT*squaretwo*DOT*net
>http://blogs.squaretwo.net


 
 
 
 
 
Mike Bridge
Guest
Posts: n/a
 
      09-30-2004
Hmm... this exploit affects URLs for localhost, but I can't seem to
get it to work on a regular URL....

-Mike

On Thu, 30 Sep 2004 06:17:02 -0700, Greg Hurlman
<ghurlman*AT*squaretwo*DOT*net> wrote:

>http://sourceforge.net/mailarchive/f...forum_id=24754
>
>This is, IMNSHO, the worst thing I've ever heard of.
>
>Spread the word, test your sites, and send angry emails to Microsoft.
>---
>Greg Hurlman
>ghurlman*AT*squaretwo*DOT*net
>http://blogs.squaretwo.net


 
 
Daniel Fisher(lennybacon)
Guest
Posts: n/a
 
      10-01-2004
What about installing UrlScan?

I did that a year ago or so....

--
Daniel Fisher(lennybacon)
MCP C# ASP.NET
Blog: http://www.lennybacon.com/




"Greg Hurlman" <ghurlman*AT*squaretwo*DOT*net> wrote in message
news:(E-Mail Removed)...
> http://sourceforge.net/mailarchive/f...forum_id=24754
>
> This is, IMNSHO, the worst thing I've ever heard of.
>
> Spread the word, test your sites, and send angry emails to Microsoft.
> ---
> Greg Hurlman
> ghurlman*AT*squaretwo*DOT*net
> http://blogs.squaretwo.net



 
 
Prodip Saha
Guest
Posts: n/a
 
      10-04-2004
Greg,
I have confirmed this security hole on XP Professional with IE6. This is a
reminder to the companies - never solely rely on Microsoft for their
application security.

Thanks,
Prodip

"Greg Hurlman" <ghurlman*AT*squaretwo*DOT*net> wrote in message
news:(E-Mail Removed)...
> http://sourceforge.net/mailarchive/f...forum_id=24754
>
> This is, IMNSHO, the worst thing I've ever heard of.
>
> Spread the word, test your sites, and send angry emails to Microsoft.
> ---
> Greg Hurlman
> ghurlman*AT*squaretwo*DOT*net
> http://blogs.squaretwo.net



 