[Owasp-dotnet] Canonicalization bug also applies to Windows Auth
Dominick Baier
dotnet at leastprivilege.com
Fri Oct 1 06:28:33 EDT 2004
as this seems to be a bug in the UrlAuthorization module of ASP.NET -
Windows Authenticated sites are also affected.
I reproduced this on WinXP with 1.1 SP1
---
Dominick Baier, Dipl. Ing. Informationstechnik (BA)
.NET Architecture / Security Consultant
www.leastprivilege.com
ERNW GmbH / Zähringerstr. 49 / 69115 Heidelberg
Tel. +49 151 16 22 75 56 / Fax. +49 6221 419 008
dbaier at ernw.de / www.ernw.de
PGP (www.ernw.de/keys/dbaier.zip)
7AE0 B3D2 7FFC 7763 E32A 07C2 8B0D F988 DC8D BFB1
X509v3 (www.ernw.de/keys/dbaier at ernw.de.zip)
More information about the Owasp-dotnet
mailing list