

Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.

  1. XML External Entity Injection (affecting .NET 4.5 only)
  2. Malicious IdP may cause write to arbitrary file
  3. Flawed ReturnUrl validation results in Open Redirect

The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I’ve dreaded the day after I would get a safety problem, I’m extraordinarily proud of the professionalism of the disclosure. I acquired the report privately, together with detailed descriptions, copy steps and strong suggestions on how to repair it. I’m very grateful you took the time to overview AuthServices and discover the problems, and for the detailed reviews.

More particulars on the vulnerabilities will be published later.


Posted in Web on 2017-05-05 | Tagged Kentor.AuthServices, Security





Software Development is a Job – Coding is a Passion


I’m Anders Abel, an unbiased techniques architect and developer in Stockholm, Sweden.





