I found ASP.NET Padding Oracle Vulnerability on http://www.pidgin.im

mohammed al-saggaf mohammed.sec2010 at gmail.com
Fri Mar 29 08:06:11 EDT 2013


Hi admin;


I am security and I found ASP.NET Padding Oracle Vulnerability on
http://www.pidgin.im that ASP.Net uses encryption to hide sensitive data
and protect it from tampering by the client. However, a vulnerability in
the ASP.Net encryption implementation can allow an attacker to decrypt and
tamper with this data. This vulnerability exists in all versions of ASP.NET
.

How to fix this vulnerability?
You should apply the Microsoft patch MS10-070 linked in the Web references
section.



if you have any questions , send it in this email

my name is mohammed al-saggaf


thanks...........
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20130329/9cf0aa0b/attachment.html>


More information about the Support mailing list