Is SharePoint susceptible to asp.net security advisory 2416728
Reading through recent ASP.Net security advisory 2416728 (http://www.microsoft.com/technet/security/advisory/2416728.mspx), it appeared to me that Sharepoint would
NOT be susceptible to this security volunerability - just wanted confirmation of this. Thanks
September 20th, 2010 3:37pm
By default, SharePoint shows its own custom errors so a hacker wouldn't be able to view the ASP.NET errors that typically show in .NET web applications. So yes, theoretically SharePoint's attack surface isn't affected by this vulnerability.
However, sometimes administrators or developers will turn this feature off in order to view the classic ASP.NET error screens. This could pose a real issue regarding this security alert, and may compromise your system.
Here is a website that providers a great explanation:
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
http://donahoo-development.com
Free Windows Admin Tool Kit Click here and download it now
September 20th, 2010 6:18pm
here is the anwser from microsoft.
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx?utm_source=feedburner&utm_medium=email&utm_campaign=Feed:+sharepointteamblog+(Microsoft+SharePoint+Products+and+Technologies+Team+Blog)
hope this will works.
thanks
-wsi am at SharePoint administrator
September 21st, 2010 4:25pm
This answer specifically addresses SharePoint 2010.
I assumed we were talking about pre-SharePoint 2010 solutions...http://donahoo-development.com
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2010 5:23pm