Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 30, 2010

ASP.NET padding vulnerability explained and exploited

First of all, the ASP.NET padding oracle patch is now available through Microsoft Update. Patch your servers before you keep on reading!

The saga goes on as lots of information on the ASP.NET padding oracle vulnerability is becoming available around the Internet. Many articles surface that range from days to weeks old. One example is this very detailed explanation of the padding oracle attack, dated September 14th. Linked in the article is the Padbuster tool, which was updated to attack ASP.NET sites in version 0.2 quite recently. Others have also released tools, like the one at Minded Security Blog, dated Tuesday 28th. Note the fortnight in between these two posts. Looking at the first one, no wonder Microsoft was in a hurry to get a patch out!

With the current state of affairs, it would be reckless to not patch Internet facing servers. New tools to exploit ASP.NET are popping up rapidly around the Internet. Web application scanners will be updated to check for the vulnerability. If you still haven't patched your servers, start reading this post from the top again — but this time read the first sentence!


  1. Keep up the fantastic piece of work, I read few articles on this website and I believe that your website is real interesting and has got bands of wonderful information.

  2. Very good informative article. Thanks for sharing such nice article, keep on up dating such good articles.

  3. And you need to know that this article could provide you with all you possibly need to know about how to write interesting reflection paper. Good luck mate

  4. Thanks for this valuable information sharing, and i learned a lot and cleared my all doubts in this.. keep posting like this useful information.
    post free classified ads in india

  5. Thanks for this valuable information sharing, and i learned a lot and cleared my all doubts in this.. keep posting like this useful information.
    Scaffolding Dealers in Chennai
    Aluminium Scaffolding Dealers in Chennai

  6. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    web portal development company in chennai

  7. ASP.NET is a developer platform made up of tools, programming languages, and libraries for building many types of applications. This field is profitable and through this, you can earn a lot of money. Dissertation writing services.

  8. یکی از بهترین سایت های موزیک برای دانلود آهنگ سایته: دانلود آهنگ جدید
    می باشد که دارای ارشیو کامل از

  9. Amazing Post! I read your post, it is really awesome and informative. I hope you will post like this in future. Visit my website to Recover Deactivated AOL Account


Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts