[Owasp-dotnet] Microsoft's official response to the ASP.NET Forms Authentication Vulnerability
Dinis Cruz
dinis at ddplus.net
Wed Oct 6 00:02:11 EDT 2004
Microsoft as just published the following information about this
vulnerabiltiy (MSRC: am I missing anything?)
- Microsoft Knowledge Base Article - 887459 "Programmatically check for
canonicalization issues with ASP.NET"
(http://support.microsoft.com/?kbid=887459)
- "What You Should Know About a Reported Vulnerability in Microsoft
ASP.NET" (http://www.microsoft.com/security/incident/aspnet.mspx)
they also posted this on asp.net security forums:
http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=711220f
other related threads:
- http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=709506
- http://channel9.msdn.com/ShowPost.aspx?PostID=24148
- http://silverstr.ufies.org/blog/archives/000702.html
- http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237042.aspx
- http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237055.aspx
- http://weblogs.asp.net/lbarbieri/archive/2004/10/02/237049.aspx
- http://hdconsultants.us/archive/0001/01/01/794.aspx
-
http://blogs.squaretwo.net/PermaLink.aspx?guid=4c331ad6-70c9-4370-9c6e-f2576fa2b0f1
-http://www.leastprivilege.com/PermaLink.aspx?guid=a173d604-ebc9-4d07-b0ad-6655611a768f
- http://www.mcse.ms/message1114277.html
Best regards
Dinis Cruz
.Net Security Consultant
DDPlus
More information about the Owasp-dotnet
mailing list