Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Telerik Web UI Insufficiently Protected Credentials Vulnerability - CVE-2017-9248 - Vulnerability Database
Telerik Web UI

Telerik Web UI Insufficiently Protected Credentials Vulnerability - CVE-2017-9248

Critical
Reference: CVE-2017-9248
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-9248
Title: Telerik Web UI Insufficiently Protected Credentials Vulnerability
Overview:

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey which makes it easier for remote attackers to defeat cryptographic protection mechanisms leading to a MachineKey leak arbitrary file uploads or downloads XSS or ASP.NET ViewState compromise.