Important: ASP.NET Security Vulnerability - ScottGu's Blog

Scott Gu vient de mettre sur son blogue un important message expliquant une vulnérabilité de Asp.Net, ainsi qu'une façon de contourner le problème en attendant une mise à jour.

À lire absolument si vous développez avec Asp.Net.


A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET.

This vulnerability was publically disclosed late Friday at a security conference.� We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

What does the vulnerability enable?

An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data)." [read more]

~Franky