Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 solely)
- Malicious IdP may cause write to arbitrary file
- Flawed ReturnUrl validation results in Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I’ve dreaded the day when I would get a security problem, I’m extraordinarily proud of the professionalism of the disclosure. I acquired the report privately, together with detailed descriptions, copy steps and strong suggestions on how to repair it. I’m very grateful you took the time to review AuthServices and discover the problems and for the detailed reviews.
More particulars on the vulnerabilities can be published later.