Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure

Breaking .NET encryption with or without Padding Oracle

  

 
Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded


seclist at mindedsecurity

Oct 4, 2010, 1:21 AM

Post #1 of 1 (187 views)
Permalink
Breaking .NET encryption with or without Padding Oracle
Dear list,

Since Microsoft official fix is out, we published full details about
"ScriptResource.axd" vulnerability in framework 3.5 sp1 and above
which leads to arbitrary file disclosure in the virtual path.
In addition we have included also details about the "T" exploit
that can be used to circumvent initial Microsoft workaround.

For more information:
http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html


Regards,

Giorgio Fedon

Minded Security Research Team
www.mindedsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full Disclosure full-disclosure RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.