Security flaw on ASPNET sites

Just saw an interesting and worrisome article on Netcraft:
A security flaw in Microsoft's ASP.NET technology could allow intruders to enter password-protected areas of a web site by altering a URL. A fix is not yet available, but Microsoft is offfering guidelines to help ASP.NET users secure their sites against intrusion attempts. The flaw exists only in ASP.NET, not ASP (Active Server Pages).
You can look up the full article and references on http://news.netcraft.com/archives/20..._password.html

Question: Can anyone shed a light on this topic? What can we do as a hosting provider to avoid or get arround this flaw?

 

 

 

 

Top