posted on Saturday, October 02, 2004 9:59 PM by stefandemetz

ASP.NET authentication security bug in IIS4/IIS5 (ASP.NET on IIS6 Windows 2003 is not affected)

As written here:

http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

http://weblogs.asp.net/lbarbieri/archive/2004/10/02/237049.aspx

http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237042.aspx
http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237055.aspx

Solutions:
1) Here is some code for an HttpModule to work around the problem:
http://blogs.devleap.com/rob/archive/2004/10/02/1803.aspx
http://www.mostlylucid.co.uk/archive/2004/10/07/1396.aspx

2) PLEASE PLEASE PLEASE install for IIS4/IIS5:
URLScan: http://www.microsoft.com/windows2000/downloads/recommended/urlscan/default.asp
IIS Lockdown tool: http://www.microsoft.com/technet/security/tools/locktool.mspx
