dedicated server help
web hosting guides
dedicated server home dedicated server forums dedicated server reviews dedicated resources partners dedicated server resources contact dedicated servers

dedicated server guides
Getting Started
General Tutorials
cPanel Tutorials
Security Center
Name Servers
Server Monitoring
Server Backups
Hosting Interviews
Web Hosting News
Reviews
For Fun
Linux Tutorials
Hosting Articles
Web Hosting Tutorials
 
 
 
web hosting tutorials
About Us
RSS Feed
Disclaimer
Site Map

 

ASP NET Security Flaw Can Bypass Password

Last Updated: July 4, 2010

A flaw in Microsoft's ASP.net potentially allows intrudes to bypass the password requirement. Intruders will potentially gain access to password-protected areas of a website by altering the URL.

Microsoft reported: "This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003."

According to research and analysis firm Netcraft (netcraft.com).
Netcraft data finds that ASP.NET is currently on over 2.9 million active sites.

If an intruder wishes to bypass the password login screen they would substitute '\' or '%5C' for '/' character in the URL. This technique may also work if a space is substitued for the slash. Security researches are saying while the bug is in fact out there tha tit operates differently in Mozilla browsers and Interet Explorer.

While Microsoft has not yet released a patch they have
cpanel tutorials