Welcome to AspAdvice Sign in | Join | Help

ASP.NET Custom Errors Security Flaw: Please Read!

** NOTE ** 

EDIT 29/9/2010

ASP.NET Security Update is now available. See here.

EDIT 21/9/2010 :

Scott Guthrie has published FAQ on the Security Vulnerability, read it here. Read his original post on the issue here.

** **

See Steve Smith's blog post for details


Summary: You should have custom errors enabled or HTTP error response codes (in firewall/router) disabled so that attacker can't use the information of error responses.

As Steve said: 

Please share this post and the information in it as widely as possible.  As of this moment, virtually any ASP.NET web site online can potentially be compromised with about a minute’s work.  By working together quickly, we (developers and IT pros) should be able to eliminate this vulnerability quickly, saving our companies and clients from potentially large losses

Published Saturday, September 18, 2010 9:58 AM by joteke
Filed under: ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS


No Comments

Leave a Comment

Enter the code you see below