ASP.NET Security Hole

Encrypted applications on Microsoft’s .NET framework are vulnerable without the patch.

From Microsoft website:
“An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server.”


I can’t believe Microsoft was so slow to produce a patch.

Patch here:

Also, discussion about the vulnerability here:

Bad Microsoft!!