[Owasp-dotnet] Microsoft 'sort-of' patch for the Authentication vulnerablity
Dinis Cruz
dinis at ddplus.net
Wed Oct 6 03:22:02 EDT 2004
Just published yesterday by Microsoft "HTTP module to check for
canonicalization issues with ASP.NET"
(http://support.microsoft.com/?id=887289) which is (in their own words):
"//...To aid customers in protecting their ASP.NET applications,
Microsoft has made available an HTTP module that implements
canonicalization best practices....//"
I haven't had the time to test this, but if anyone does, please post the
findings here.
This page was also updated
(http://www.microsoft.com/security/incident/aspnet.mspx)
More info on:
http://isc.sans.org/diary.php?date=2004-10-06
http://blogs.devleap.com/rob/archive/2004/10/02/1803.aspx (for the
italian's in the list)
and on google news
http://news.google.com/news?q=asp.net%20vulnerability&num=50&hl=en&lr=&safe=off&client=firefox-a&sa=N&tab=wn
Best regards
Dinis Cruz
.Net Security Consultant
DDPlus
More information about the Owasp-dotnet
mailing list