Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 only)
- Malicious IdP can cause write to arbitrary file
- Flawed ReturnUrl validation leads to Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have dreaded the day when I would get a security issue, I am extremely happy with the professionalism of the disclosure. I got the report privately, including detailed descriptions, reproduction steps and solid recommendations on how to fix it. I am very grateful you took the time to review AuthServices and find the issues and for the detailed reports.
More details on the vulnerabilities will be published later.