DotNetNuke Hosting

dotnetnuke hosting

Info

Subscriber Articles

How to Install DotNetNuke to Godaddy Root

How to Backup DotNetNuke via Hosting Control Center

Create Multiple Parent Portals

How to Upgrade to DotNetNuke 4.8.4

How to Upgrade to DotNetNuke 4.8

How to Move DotNetNuke 4.7 to Root Path

How to install DotNetNuke 4.7.0 via Metropolis

Godaddy Subscriber Tutorials Also Applies to Latest DotNetNuke Release

Learn How to Install DotNetNuke 5.5.1 to Godaddy Root Folder

How to Upgrade DotNetNuke

How to Move DotNetNuke 4.8 to Root Path

Move DotNetNuke To Root Path

How to Setup Godaddy Windows Hosting Account

How to Upgrade to DotNetNuke 4.8.2

How to install DotNetNuke 4.5.3 with Metropolis

Popular Articles

How to Fix Windows XP Theme Problems

How to use Memtest Diagnostics

SQL Server 2005 Installation Tip

How to Upgrade to DotNetNuke 4.8

How to Use Telerik RadEditor with DotNetNuke 5.0.0 Release

How to Install DotNetNuke to Godaddy Root

Install DotNetNuke 4.5.3 (Godaddy Root)

Can I Install a DotNetNuke in my Root Folder

Learn How to Install DotNetNuke 5.5.1 to Godaddy Root Folder

Up and Running DotNetNuke 5.4.1

Tags

Blogging Tools (5)

DotNetNuke (88)

Subscriber Articles (15)

Useful Tools (2)

Rent a Coder

Technorati

Add to Technorati Favorites

Click on sticker to add this blog to your popular blogs list.

Featured on

Blog

Subscribe to My .NET Nuke Blog by Ismet Dumlupinar

25 Latest Articles

Current Articles | Archives | Search

04

Nightmare for ASP.NET Based Website Owners

Ismet Dumlupinar posted on April 04, 2010 09:24

I already notified registered users of this website, but i want to also warn anonymous visitors about a very critical security hole within ASP.NET.

Last week, some guys demonstrated an action that could help a hacker to attack websites under ASP.NET, regardless of which version being used.

Those guys, first browsing a non-existing page to see error page, and somehow they are getting necessary inputs from there to generate authentication tickets.

This is just like well known Oracle Padding issue. And those guys will probably publish and distribute tools find vulnerable sites and do some dirty tasks.

Sadly, no patch from Microsoft available yet, but can always apply a workaround.

So, please go ahead and patch your servers, websites and whatever insecure file you have.

Some useful posts for temporary workaround.
Oracle Padding Now Affects DotNetNuke

Posted in: Tutorials, .NET, DotNetNuke

Actions: E-mail | Permalink | Comments (0)

RSS comment feed

| Kick it! | DZone it! | del.icio.us

Post Rating

12345

Comments

There are currently no comments, be the first to post one.

Post Comment

Name (required)

Email (required)

Website

CAPTCHA image

Enter the code shown above:

Notify me of followup comments via e-mail

Login | Terms Of Use | Privacy Statement | Copyright 2008-2011 My .NET Nuke - www.mynetnuke.com