Gaping Security Hole a Pain in the ASP - 3,043 Views,
|
Previous Article « Make Your C*ck a Hammer (Spamusement Cartoon)
Read Next Article » Vote for Whomever You Want - But Don’t Take This Poll!
Gaping Security Hole a Pain in the ASP
Follow Anne on
Twitter 
Friend Anne on Facebook
A gaping hole has just been discovered in Microsoft’s ASP.NET product, which allows access to password protected areas of a website just be altering the URL for access.
According to an article published by Netcraft today, the issue involves “a bug in ASP.NET’s handling of URLs, known as “canonicalization.” If a visitor to an ASP.NET site substitutes ” or ‘%5C’ for the ‘/’ character in the URL, they may be able to bypass password login screens. The technique may also work if a space is subsituted for the slash”
While there is no fix available yet, Microsoft is offering guidance on how to deal with the issue here.
You can read more about this here.
Was this information helpful? If so, please leave us a review!
|
Previous Article « Make Your C*ck a Hammer (Spamusement Cartoon)
Read Next Article » Vote for Whomever You Want - But Don’t Take This Poll!
Read more:
» Windows XP Home Edition Default File Sharing a Big Security Hole
» Security Hole in Microsoft Excel
» Security Hole in Word Allows Attack Through Email with Ginwui.a Trojan
» Microsoft WMF Patch for Windows Metafile (WMF) Issue Released Early - Get It Now!
For additional similar stories check out our archives on Everything Else
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
