Difference between revisions of "ASP.NET POET Vulnerability"

From OWASP
Jump to: navigation, search
(Added introductory sentences as a first step towards Dinis' recommended "good/objective description of the problem, good technical desciption of the problem and tons of references")
(Not reccomended Fixes (via web.config change))
 
(7 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
* Microsoft Security Advisory (2416728) : http://www.microsoft.com/technet/security/advisory/2416728.mspx
 
* Microsoft Security Advisory (2416728) : http://www.microsoft.com/technet/security/advisory/2416728.mspx
  
=== Fixes (via web.config change)===
+
=== Recommended Fixes ===
 +
*Microsoft Official Fix: http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
 +
 
 +
=== Not recommended Fixes (via web.config change)===
 
* Important: ASP.NET Security Vulnerability  (ScottGu's blog) http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
 
* Important: ASP.NET Security Vulnerability  (ScottGu's blog) http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
 
* DotNetNuke ASP.NET Security Vulnerability Fix: http://www.subodh.com/Blog/PostID/116/DotNetNuke-ASP-NET-Security-Vulnerability-Fix
 
* DotNetNuke ASP.NET Security Vulnerability Fix: http://www.subodh.com/Blog/PostID/116/DotNetNuke-ASP-NET-Security-Vulnerability-Fix
 +
 +
Why we do not recommend these workarounds
 +
* ["T" exploit 200 vs 404 response status]: http://www.gdssecurity.com/l/b/2010/10/04/padbuster-v0-3-and-the-net-padding-oracle-attack/
 +
* ["T" exploit attack]: http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html
  
 
===Blogs, News, Articles===
 
===Blogs, News, Articles===
Line 19: Line 26:
 
* Video demonstration of using POET tool to attack vulnerable ASP.NET deployment http://www.youtube.com/watch?v=yghiC_U2RaM
 
* Video demonstration of using POET tool to attack vulnerable ASP.NET deployment http://www.youtube.com/watch?v=yghiC_U2RaM
 
* Google Search: http://www.google.co.uk/search?q=ASP.NET+vulnerability
 
* Google Search: http://www.google.co.uk/search?q=ASP.NET+vulnerability
 +
 +
=== File Access Exploits ===
 +
* Webconfig_Bruter (first public exploit for file downloading): http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html
 +
* Padbuster v0.3 can now download Web.config and much more: http://www.gdssecurity.com/l/b/2010/10/04/padbuster-v0-3-and-the-net-padding-oracle-attack/
  
 
=== discussion Threads===
 
=== discussion Threads===

Latest revision as of 15:08, 4 October 2010

This page contains details about the ASP.NET POET vulnerability disclosed on 2010-09-17. This vulnerability exists in all versions of ASP.NET (all versions released through 2010-09-18). As of 2010-09-20, there is no fix available to resolve the vulnerability; in the meantime, Microsoft strongly urges all ASP.NET deployments perform the recommended workaround to mitigate the vulnerability in the short-term.

Advisory

Recommended Fixes

Not recommended Fixes (via web.config change)

Why we do not recommend these workarounds

Blogs, News, Articles

File Access Exploits

discussion Threads