Kentor.AuthServices 0.21.2 Security Release | Passion for Coding


Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing 3 problems.

  1. XML External Entity Injection (affecting .NET 4.5 only)
  2. Malicious IdP can trigger a write to an arbitrary file
  3. Flawed ReturnUrl validation causes Open Redirect

The first 2 problems were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have feared the day when I would get a security problem, I am incredibly delighted with the professionalism of the disclosure. I got the report independently, consisting of in-depth descriptions, reproduction steps and strong suggestions on how to repair it. I am extremely grateful that you put in the time to examine AuthServices and discover the problems, and for the in-depth reports.

More information on the vulnerabilities will be published later.

Published in Web on 2017-05-05 | Tagged Kentor.AuthServices, Security
I’m Anders Abel, an independent systems designer and designer in Stockholm, Sweden.

Code for the majority of posts is offered on my GitHub account.