Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.

  1. XML External Entity Injection (affecting .NET 4.5 only)
  2. Malicious IdP can cause write to arbitrary file
  3. Flawed ReturnUrl validation leads to Open Redirect

The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have dreaded the day when I would get a security issue, I am extremely happy with the professionalism of the disclosure. I got the report privately, including detailed descriptions, reproduction steps and solid recommendations on how to fix it. I am very grateful you took the time to review AuthServices and find the issues, and for the detailed reports.

More details on the vulnerabilities will be published later.

Posted in Web on 2017-05-05 | Tagged Kentor.AuthServices, Security

I’m Anders Abel, an independent systems architect and developer in Stockholm, Sweden.
