Skip to main content

Microsoft .NET Framework XML Signature HMAC Truncation Authentication Bypass Vulnerability( 09 June 2010 )

Last Update Date: 28 Jan 2011 Release Date: 9 Jun 2010 5450 Views

RISK: Medium Risk

A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.


Impact

  • Data Manipulation

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link