diTii.com Digital News Hub



ASP.NET ‘zero day’ Vulnerability ‘Padding Oracle Exploit’

Microsoft released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. “To understand how this vulnerability works, you need to know about cryptographic oracles. An oracle in the context of cryptography is a system which provides hints as you ask it questions. In this case, there’s a vulnerability in ASP.NET which acts as a padding oracle. This allows an attacker to send chosen cipher text to server and learn if it was decrypted properly by examining which error code was returned by the server.

By making many requests the attacker can learn enough to successfully decrypt the rest of the cipher text. The attacker can then alter the plain text and re-encrypt it as well,” explains Microsoft. The workaround for this vulnerability is to use the customErrors feature of ASP.NET to configure apps to return the same error page regardless of the error encountered on the server.
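One way to check a web.config against this workaround, as an added example that is not from Microsoft's advisory or the original article. The sample configs and error page paths are constructed, and the three rules are this example's reading of "the same error page regardless of the error".

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the article or the advisory).
DISTINGUISHABLE = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/notfound.html" />
    <error statusCode="500" redirect="~/servererror.html" />
  </customErrors>
</system.web></configuration>"""

UNIFORM = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html" />
</system.web></configuration>"""

DETAILED = """<configuration><system.web>
  <customErrors mode="Off" />
</system.web></configuration>"""


def audit_custom_errors(web_config_xml):
    """Return findings; an empty list means every error maps to one page."""
    root = ET.fromstring(web_config_xml)
    sections = list(root.iter("customErrors"))
    if not sections:
        return ["no <customErrors> section: no single error page is configured"]
    findings = []
    for ce in sections:
        mode = ce.get("mode", "RemoteOnly")  # ASP.NET default when omitted
        if mode.lower() == "off":
            findings.append("mode=Off: raw ASP.NET error responses reach the client")
        if not ce.get("defaultRedirect"):
            findings.append("no defaultRedirect: no common error page is defined")
        # Per-status pages let a client tell one server error from another,
        # which is the signal the padding oracle depends on.
        for err in ce.findall("error"):
            findings.append("statusCode %s has its own page (%s)"
                            % (err.get("statusCode"), err.get("redirect")))
    return findings


if __name__ == "__main__":
    samples = [("distinguishable", DISTINGUISHABLE),
               ("uniform", UNIFORM),
               ("detailed", DETAILED)]
    for name, cfg in samples:
        print(name, audit_custom_errors(cfg) or "OK")
```
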

More Info: Understanding the ASP.NET Vulnerability

