ASP.Net Insecure Redirect

Posted on January 9, 2012
Filed under: Development, Security 

It was recently discovered that there was a vulnerability within the ASP.Net Forms Authentication process that could allow an attacker to force a user to visit a malicious web site upon successful authentication. Until this vulnerability was found, it was thought that the only way to allow the Forms Authentication redirect (managed by the ReturnUrl ...

ASP.Net Forms Authentication Bypass

Posted on January 5, 2012
Filed under: Security 

It was recently announced that there is a vulnerability in ASP.Net Forms Authentication. The vulnerability allows an attacker to assume the identity of another user within the application without the need to know the victim’s password. This is a critical vulnerability as it could allow users to execute commands they do not have access to. ...