I found ASP.NET Padding Oracle Vulnerability on http://www.pidgin.im

Ethan Blanton elb at pidgin.im
Fri Mar 29 08:22:46 EDT 2013


Since I can't tell if this is a spam or what (it doesn't have any
bogus links), I'll bite.

mohammed al-saggaf spake unto us the following wisdom:
> I am security and I found ASP.NET Padding Oracle Vulnerability on
> http://www.pidgin.im that ASP.Net uses encryption to hide sensitive data
> and protect it from tampering by the client. However, a vulnerability in
> the ASP.Net encryption implementation can allow an attacker to decrypt and
> tamper with this data. This vulnerability exists in all versions of ASP.NET
> .

We don't use asp.net or Oracle.  You're confused.

Ethan




More information about the Support mailing list