Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-development applications that opens password files and other sensitive data to interception and tampering.
The vulnerability in the way ASP.Net apps encrypt data was disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a temporary fix for the so-called “cryptographic padding attack,” which allows attackers to decrypt protected files by sending vulnerable systems large numbers of corrupted requests.
Now, Microsoft security pros say they are seeing “limited attacks” in the wild and warned that they can be used to read and tamper with a system's most sensitive configuration files.
No comments:
Post a Comment