Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 only)
- Malicious IdP can cause write to arbitrary file
- Flawed ReturnUrl validation leads to Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have dreaded the day when I would get a security issue, I am extremely happy with the professionalism of the disclosure. I got the report privately, including detailed descriptions, reproduction steps and solid recommendations on how to fix it. I am very grateful that you took the time to review AuthServices, find the issues and write such detailed reports.
More details on the vulnerabilities will be published later.
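For the third item, the kind of return-URL check a relying party can apply before redirecting after sign-in is shown below: only application-local paths are accepted, so a value taken from the request or the SAML exchange cannot send the browser to another host. This is an added example and is not Kentor.AuthServices code or the fix shipped in 0.21.2; the class and method names are assumptions.

```csharp
using System;

// Illustrative check (not the library's implementation): a ReturnUrl is
// accepted only if it is a path within this application.
public static class ReturnUrlValidator
{
    public static bool IsLocalReturnUrl(string returnUrl)
    {
        if (string.IsNullOrWhiteSpace(returnUrl))
            return false;

        // An absolute URL ("https://other.example/...") is never local.
        if (returnUrl[0] != '/')
            return false;

        // "//host" and "/\host" are protocol-relative forms that browsers
        // resolve to a different host, so a single leading '/' is required.
        if (returnUrl.Length > 1 && (returnUrl[1] == '/' || returnUrl[1] == '\\'))
            return false;

        // Control characters (CR/LF, tabs) have no place in a path and can be
        // used to confuse header or URL parsing downstream.
        foreach (char c in returnUrl)
        {
            if (char.IsControl(c))
                return false;
        }

        return true;
    }

    public static void Main()
    {
        // Constructed sample values: first two are local, the rest must be rejected.
        string[] samples =
        {
            "/Account/Profile",
            "/?returned=1",
            "//evil.example/phish",
            "/\\evil.example/phish",
            "https://evil.example/",
            "/Account\r\nLocation: https://evil.example/",
            ""
        };
        foreach (var s in samples)
            Console.WriteLine($"{ReturnUrlValidator.IsLocalReturnUrl(s),-5} {s.Replace("\r\n", "<CRLF>")}");
    }
}
```

When the check fails, redirect to a fixed application page instead of the supplied value.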