Re: Massive ASP.Net Forms Authentication vulnerability

From: Prodip Saha (psaha_at_bear.com)
Date: 10/04/04


Date: Mon, 4 Oct 2004 09:39:16 -0500

Greg,
I have confirmed this security hole on XP Professional with IE6. This is a
reminder to the companies: never solely rely on Microsoft for their
application security.

Thanks,
Prodip

"Greg Hurlman" <ghurlman*AT*squaretwo*DOT*net> wrote in message
news:7FAE1C11-2A1D-46E4-83C9-441BE8B2944E@microsoft.com...
> http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
>
> This is, IMNSHO, the worst thing I've ever heard of.
>
> Spread the word, test your sites, and send angry emails to Microsoft.
> ---
> Greg Hurlman
> ghurlman*AT*squaretwo*DOT*net
> http://blogs.squaretwo.net


