Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Issues Ominous ASP.Net Security Warning

Posted by michael on from the you've-got-hack dept.

An anonymous reader writes "A security flaw in Microsoft's ASP.NET apparently allows access to password-protected areas just by altering a URL. There's no patch yet, but in the meantime Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits. About 2.9 million web sites run on ASP.NET according to Netcraft." Some more links: another Microsoft article, NTBugtraq, K-Otik and Heise.

2 of 554 comments (clear)

  1. NOT A REWRITE by beuges · · Score: 0, Troll

    Microsoft says:
    Microsoft ASP.NET developers can add more checks to help reduce canonicalization issues for a Web application by adding an Application_BeginRequest event handler in their Global.asax file that is stored in the root directory of the Web application. /. says:
    Microsoft is telling ASP.NET developers they can rewrite their applications to prevent exploits

    Talk about FUD.

  2. Assuming one website per company.. by JustNiz · · Score: 0, Troll

    means there's at least 2.9 million dumbasses in key IT decision-making roles.

    >> About 2.9 million web sites run on ASP.NET