ASP.NET Security Flaw Can Bypass Password

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

ASP.NET Security Flaw Can Bypass Password

Post by patrikG »

netcraft wrote: A security flaw in Microsoft's ASP.NET technology could allow intruders to enter password-protected areas of a web site by altering a URL. A fix is not yet available, but Microsoft is offfering guidelines to help ASP.NET users secure their sites against intrusion attempts. The flaw exists only in ASP.NET, not ASP (Active Server Pages).
http://news.netcraft.com/archives/2004/ ... sword.html

No ASP-bashing, please.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

This is one more reason why open source software will always be superior to Non-Open Source. This security flaw would have been fixed as quickly as it was found had this happened in the Open Source world. Everyone running a MS server is at the disposal of MS and now has to wait for MS to update their server software.

Long Live Open Source
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Well, it's old news. I remember this bug had been posted sometime back in September on NTBugTraq list.
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

that sort of goes along with this news about Abbey bank in the uk
http://news.bbc.co.uk/1/hi/business/3984845.stm
Where users where able to bypass entering a password and only use ther username to login in.
It has now been fixed but whoooo!!!! for security in online banking.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Wonderful. More ammunition for us server admins to get people to migrate to the world of open source. 8)
Post Reply