SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  /ecp/default.aspx Access

Category: INFO      

Instead of having randomly-generated keys on a per-installation basis, all installations of Microsoft Exchange Server have the same validationKey and decryptionKey values in web.config. Due to the use of static keys, an authenticated attacker can trick the server into deserializing maliciously crafted ViewState data.

References
http://projects.webappsec.org/Fingerprinting


Relevant Information