Tuesday, December 28, 2010

Microsoft's Recommendation on View State Mac

Advisory

Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
 
 
Analysis
 
Wrong or inadequate recommendations from Vendor can play a vital role in its customers who might always stay compliance with vendor' documentation and recommendation.
Researchers from SpiderLabs pointed out: 
 
"A vulnerability was alluded to in a 2004 Microsoft article on
troubleshooting view state problems [1]. However, other
Microsoft documents recommend disabling view state signing
"if performance is a key consideration," [2, 3, 4] or for
various other reasons [5, 6]. 
Realistically, unsigned view states should never be used in a production environment."
  

No comments:

Post a Comment