Main Vulnerability Database Exploits ID:9325 - Exploit for Insufficiently protected credentials in UI for ASP.NET AJAX - CVE-2017-9248

ID:9325 - Exploit for Insufficiently protected credentials in UI for ASP.NET AJAX - CVE-2017-9248

Published: September 18, 2023

Vulnerability identifier: #VU77480

Vulnerability risk: High

CVE-ID: CVE-2017-9248

CWE-ID: CWE-522

Exploitation vector: Remote access

Vulnerable software:
UI for ASP.NET AJAX

Link to public exploit:

https://github.com/blacklanternsecurity/dp_cryptomg

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey. A remote attacker can defeat cryptographic protection mechanisms.

Remediation

Install update from vendor's website.

ID:9325 - Exploit for Insufficiently protected credentials in UI for ASP.NET AJAX - CVE-2017-9248

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human