Geeks With Blogs
Scott Kuhl Warning: I may have no idea what I am talking about!

McAfee published a whitepaper that helps developers understand how to better protect against replay attacks in applications based on ASP.NET. Replay attacks are possible when an unauthorized user gains access to another user's cookie, which can lead to session hijacking.

Microsoft also issued an article about the problem, which pertains to forms authentication.

The Microsoft article specifically addresses the problem with the FormsAuthentication.SignOut method in ASP.NET 2.0.  However, the McAfee article points to the problem in ASP.NET 1.1.

WindowsITPro Article

Posted on Thursday, September 8, 2005 7:00 AM Security | Back to top

Comments on this post: McAfee and Microsoft Warn About ASP.NET Forms Authentication

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Scott Kuhl | Powered by: