Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Demo ASP.NET Crypto Attack

Posted by timothy on Sunday September 19, 2010 @08:57AM from the theoretical-no-more dept.

Trailrunner7 writes "The crypto attack against ASP.Net Web apps has gotten a lot of attention this week, and with good reason. Microsoft on Friday night issued a security advisory about the bug, warning customers that it poses a clear danger to their sites. Also on Friday, the researchers who found the bug and implemented the attack against it released a slick video demo of the attack, clearly showing the seriousness of the problem and how simple it is to exploit with their POET tool."

2 of 98 comments (clear)

Min score:

Reason:

Sort:

Not as serious as it sounds by Eirenarch · 2010-09-19 09:21 · Score: 2, Interesting

The attack requires the ASP.NET error page that shows exception information to be enabled. No sane person will leave it like this in production let alone that it is turned off by default.
Re:Not just ASP.NET by spongman · 2010-09-19 11:19 · Score: 3, Interesting

clueless developers who enable full exception information

this is irrelevant and misleading, the exploit does not require the stack trace pages to be enabled in order to be effective.