微软示警 ASP.NET 重大安全漏洞,超 3000 公开密钥恐致服务器沦陷
微软威胁情报专家近期发现,一些开发者在软件开发中使用了在代码文档和代码库平台上公开的 ASP.NET validationKey 和 decryptionKey 密钥(这些密钥原本设计用于保护 ViewState 免遭篡改和信息泄露)。
The Hacker News3 天
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft warns of 3,000+ publicly disclosed ASP.NET machine keys that enable ViewState code injection attacks, leading to ...
Microsoft3 天
Code injection attacks using publicly disclosed ASP.NET machine keys
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ...
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys ...